Original issue date: March 3, 1995<BR>
Last revised: September 23, 1997<BR>
Updated copyright statement

<P>A complete revision history is at the end of this file.

<B>This advisory supersedes CA-95.03.</B>

<P>The CERT Coordination Center has received reports of a serious security
problem in the Berkeley Telnet clients that provide support for the
experimental Telnet encryption option using Kerberos V4 authentication.
All known released versions of the BSD Telnet that support Kerberos V4
authentication and encryption are affected.

<P>We recommend that all sites that use encrypted telnet in conjunction with
Kerberos V4 obtain a patch or upgraded version of Telnet according to the
instructions in Section III below.

<P>We will update this advisory as we receive additional information.
Please check advisory files regularly for updates that relate to your site.

<P><HR>

<P>
<H2>I. Description</H2>

There is a vulnerability in Berkeley Telnet clients that support
encryption and Kerberos V4 authentication. This vulnerability
substantially reduces the effectiveness of the encryption.

<P>
<H2>II. Impact</H2>

Anyone who can access and read packets that make up the encrypted
Telnet session can easily decrypt the session. This is possible, for
example, when an intruder uses a packet sniffer on the network to
intercept the Telnet sessions.

<P>
<H2>III. Solution</H2>

Obtain and install the appropriate patch according to the instructions
included with the patch.

<P>In Appendix A is a summary of the vendors who have reported to us and
the status they provided, including how to obtain patches.
We will update the appendix as we receive more information from vendors.

<P><HR>

<P>
<H2>Appendix A: Vendor Information</H2>

Below is information we have received from vendors who have patches available
or upcoming, along with names of vendors who have reported that their
products do not have the problem.

<P>If you have an encrypting Telnet from a vendor who is not listed, please
contact that vendor for information regarding how to get a fixed version.

<P>
<CENTER>
<TABLE WIDTH="80%">
<TR><TH WIDTH="50%" align=left>Vendor or Source</TH><TH WIDTH="50%" ALIGN=LEFT>Status</TH></TR>
<TR><TD><HR></TD><TD><HR></TD></TR>
<TR><TD VALIGN=TOP>Berkeley SW Distribution (BSD)</TD><TD>source-code patch available from<BR>
Berkeley; also in Appendix B of<BR>this advisory<BR></TD></TR>
<TR><TD>Data General Corporation</TD><TD>not affected by the vulnerability</TD></TR>
<TR><TD>Digital Equipment Corporation</TD><TD>not affected by the vulnerability</TD></TR>
<TR><TD>FTP Software, Inc.</TD><TD>patch available</TD></TR>
<TR><TD>Harris NightHawk System</TD><TD>not affected by the vulnerability</TD></TR>
<TR><TD>Hewlett-Packard Company</TD><TD>not affected by the vulnerability</TD></TR>
<TR><TD>Nat'l. Center for Supercomputer<BR>Applications (NCSA)</TD><TD VALIGN=BOTTOM>upgrade available</TD></TR>
<TR><TD>Open Software Foundation</TD><TD>not affected by the vulnerability</TD></TR>
<TR><TD>The Santa Cruz Operation, Inc.(SCO)</TD><TD>not affected by the vulnerability</TD></TR>
<TR><TD>Sequent Computer Systems</TD><TD>not affected by the vulnerability</TD></TR>
<TR><TD>Sun Microsystems, Inc.</TD><TD>not affected by the vulnerability</TD></TR>
</TABLE>
</CENTER>

<H3>PATCH INFORMATION</H3>

<H3>Berkeley Software Distribution (BSD)</H3>

<P>A source-code patch, along with the domestic version of the most
recently released Telnet sources from Berkeley, is available by
anonymous FTP from

<P>
<A HREF="ftp://net-dist.mit.edu/pub/telnet/telnet.patch">net-dist.mit.edu:/pub/telnet/telnet.patch</A><BR>
MD5 65d56befe3d0f1699d38de5509552578

<P>There is also a PGP ASCII signature file for the patch in

<P>
<A HREF="ftp://net-dist.mit.edu/pub/telnet/telnet.patch.sig">net-dist.mit.edu:/pub/telnet/telnet.patch.sig</A>

<P>This patch can also be found in CERT Advisory CA-95.03a, Appendix B.
(<B>Note:</B> Do not calculate a checksum for Appendix B alone. It will not
match the checksum of the FTP version of the patch because the tabs in
the FTP copy have been replaced with blank spaces in the CA-95.03a
Appendix B copy.)

<P>
<H3>FTP Software, Inc.</H3>

Customers of FTP Software with an encrypting telnet (provided in the
PC/TCP or OnNet packages) should call the FTP technical support line
at 1-800-282-4387 and ask for the &quot;tn encrypt patch&quot;.

<P>
<H3>National Center for Supercomputer Applications (NCSA)</H3>

Users of NCSA Telnet should upgrade to NCSA Telnet 2.6.1d7 AND
install the appropriate Kerberos plug-in. These are available by
anonymous FTP from ftp.ncsa.uiuc.edu

<P>
<B>Upgrade</B>

<P>
<A HREF="ftp://ftp.ncsa.uiuc.edu/Mac/Telnet/Telnet2.6/prerelease/d7/Telnet2.6.1d7(68K).sit.hqx">/Mac/Telnet/Telnet2.6/prerelease/d7/Telnet2.6.1d7(68K).sit.hqx</A><BR>
MD5  b34b9fda59421b3b83f8df08a83f83b5

<P>
<A HREF="ftp://ftp.ncsa.uiuc.edu/Mac/Telnet/Telnet2.6/prerelease/d7/Telnet2.6.1d7(fat).sit.hqx">/Mac/Telnet/Telnet2.6/prerelease/d7/Telnet2.6.1d7(fat).sit.hqx</A><BR>
MD5  877add7c3d298111889fc3f2f272ce6f

<P>
<B>Kerberos plug-ins</B>

<P>
<A HREF="ftp://ftp.ncsa.uiuc.edu/Mac/Telnet/Telnet2.6/prerelease/AuthMan.plugin.1.0b1.hqx">/Mac/Telnet/Telnet2.6/prerelease/AuthMan.plugin.1.0b1.hqx</A><BR>
MD5  df727eae184b22125f90ef1a31513fd4

<P>
<A HREF="ftp://ftp.ncsa.uiuc.edu/Mac/Telnet/Telnet2.6/prerelease/Kerberos_Telnet_plugin.sit.hqx">/Mac/Telnet/Telnet2.6/prerelease/Kerberos_Telnet_plugin.sit.hqx</A><BR>
MD5  dbda691efe9038648f234397895c734d

<P>Questions regarding NCSA Telnet should be directed to<BR>
<A HREF=mailto:mactel@ncsa.uiuc.edu>mactel@ncsa.uiuc.edu</A> 

<P><HR>

<P>
<H2>Appendix B: Patch for Vulnerability in Telnet Encryption Option</H2>

<H3>Index: auth.c</H3>
<PRE>
RCS file: /mit/krb5/.cvsroot/src/appl/telnet/libtelnet/auth.c,v
retrieving revision 5.5
retrieving revision 5.7
diff -u -r5.5 -r5.7
--- auth.c      1994/08/18 21:06:45     5.5
+++ auth.c      1994/11/08 04:39:02     5.7
@@ -244,7 +244,7 @@
 {
register int x;

-       if (strcasecmp(type, AUTHTYPE_NAME(0))) {
+       if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
                *maskp = -1;
                return(1);
        }
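Review bot: The corrected test `if (!strcasecmp(type, AUTHTYPE_NAME(0)))`
still relies on the reader remembering that strcasecmp returns 0 on a
match, which is the misreading this hunk fixes. Write it as
`strcasecmp(type, AUTHTYPE_NAME(0)) == 0` and add a one-line comment
saying that matching entry 0 sets every bit of *maskp.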
@@ -260,14 +260,14 @@

        int
 auth_enable(type)
- -       int type;
+       char * type;
 {
        return(auth_onoff(type, 1));
 }

        int
 auth_disable(type)
- -       int type;
+       char * type;
 {
        return(auth_onoff(type, 0));
 }
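Review bot: The new declarations in auth_enable and auth_disable are
spelled `char * type;` while auth_onoff, which both functions call,
declares `char *type;`. Use the same spelling in all three. These are
also still old-style definitions, so nothing in this file checks the
argument type at a call site; ANSI prototypes would have flagged the
earlier int declaration being handed straight to auth_onoff.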
@@ -277,15 +277,20 @@
        char *type;
        int on;
 {
- -       int mask = -1;
+       int i, mask = -1;
        Authenticator *ap;

        if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
                 printf("auth %s 'type'\n", on ? "enable" : "disable");
                printf("Where 'type' is one of:\n");
                printf("\t%s\n", AUTHTYPE_NAME(0));
- -               for (ap = authenticators; ap->type; ap++)
+               mask = 0;
+               for (ap = authenticators; ap->type; ap++) {
+                       if ((mask & (i = typemask(ap->type))) != 0)
+                               continue;
+                       mask |= i;
                        printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+               }
                return(0);
        }

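Review bot: In the help branch, the loop test
`(mask & (i = typemask(ap->type))) != 0` hides an assignment inside the
condition, and it reuses `mask`, which is initialised to -1 at the top
of auth_onoff for a different purpose. Assign `i = typemask(ap->type);`
on its own line and track the already-printed types in a separate local,
so the duplicate suppression is readable and cannot affect the code
after this branch if the early return(0) is ever removed.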
@@ -293,7 +298,6 @@
                printf("%s: invalid authentication type\n", type);
                return(0);
        }
- -       mask = getauthmask(type, &mask);
        if (on)
                i_wont_support &= ~mask;
        else
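Review bot: Removing `mask = getauthmask(type, &mask);` is right, since
that line replaced whatever was written through &mask with the
function's return value, but after the removal nothing in this hunk
shows where mask gets its value. If it is filled by the check that
guards the "invalid authentication type" message just above, say so in
a comment there; otherwise mask keeps its initial -1 and
`i_wont_support &= ~mask` clears every bit.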
@@ -317,16 +321,22 @@
 auth_status()
 {
        Authenticator *ap;
+       int i, mask;

        if (i_wont_support == -1)
                printf("Authentication disabled\n");
        else
                printf("Authentication enabled\n");

- -       for (ap = authenticators; ap->type; ap++)
+       mask = 0;
+       for (ap = authenticators; ap->type; ap++) {
+               if ((mask & (i = typemask(ap->type))) != 0)
+                       continue;
+               mask |= i;
                printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
                        (i_wont_support & typemask(ap->type)) ?
                                        "disabled" : "enabled");
+       }
        return(1);
 }

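Review bot: auth_status now carries the same duplicate-suppression loop
as the help branch of auth_onoff; move it into one helper that walks
authenticators and visits each distinct type once. Inside the loop,
`typemask(ap->type)` is also evaluated a second time in the printf even
though the value is already in `i`; use `(i_wont_support & i)`.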
<H3>Index: kerberos.c</H3>
RCS file: /mit/krb5/.cvsroot/src/appl/telnet/libtelnet/kerberos.c,v
retrieving revision 5.5
retrieving revision 5.8
diff -u -r5.5 -r5.8
- --- kerberos.c  1994/08/18 21:07:02     5.5
+++ kerberos.c  1994/11/14 21:33:58     5.8
@@ -225,9 +225,10 @@
                register int i;

                des_key_sched(cred.session, sched);
- -               des_set_random_generator_seed(cred.session);
- -               des_new_random_key(challenge);
- -               des_ecb_encrypt(challenge, session_key, sched, 1);
+               des_init_random_number_generator(cred.session);
+               des_new_random_key(session_key);
+               des_ecb_encrypt(session_key, session_key, sched, 0);
+               des_ecb_encrypt(session_key, challenge, sched, 0);
                /*
                 * Increment the challenge by 1, and encrypt it for
                 * later comparison.
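Review bot: The four replacement lines after
des_key_sched(cred.session, sched) change which value is random and
which is derived, yet no comment explains it. session_key is now
generated first, transformed in place with last argument 0, and
challenge is then computed from it, where the old code generated
challenge and derived session_key from it with last argument 1. Add a
comment stating the intended relationship between session_key and
challenge and why both calls pass 0, and note what the generator
initialised by des_init_random_number_generator(cred.session) draws on
besides cred.session.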
@@ -320,6 +321,11 @@
                        break;
                }

+               /*
+                * Initialize the random number generator since it's
+                * used later on by the encryption routine.
+                */
+               des_init_random_number_generator(session_key);
                des_key_sched(session_key, sched);
                memcpy((void *)datablock, (void *)data, sizeof(Block));
                /*
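Review bot: The added comment says the generator is "used later on by
the encryption routine" without naming that routine, and the call is
placed inline in this handler. Name the consumer in the comment, and
consider doing the initialisation in one setup function so that no path
can reach the encryption code with the generator uninitialised.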
@@ -337,7 +343,7 @@
                 * increment by one, re-encrypt it and send it back.
                 */
                des_ecb_encrypt(datablock, challenge, sched, 0);
- -               for (r = 7; r >= 0; r++) {
+               for (r = 7; r >= 0; r--) {
                        register int t;
                        t = (unsigned int)challenge[r] + 1;
                        challenge[r] = t;       /* ignore overflow */
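Review bot: `for (r = 7; r >= 0; r--)` terminates only if r is a signed
type, and its declaration is outside this hunk; confirm it is a plain
int, since with an unsigned r the condition is always true. The old
`r++` form walked upward from index 7, so a short comment that the loop
is meant to cover challenge[7] down to challenge[0] would also help.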


<H3>Index: commands.c</H3>
RCS file: /mit/krb5/.cvsroot/src/appl/telnet/telnet/commands.c,v
retrieving revision 5.14
retrieving revision 5.16
diff -u -r5.14 -r5.16
- --- commands.c  1994/08/18 21:07:37     5.14
+++ commands.c  1994/11/08 06:42:49     5.16
@@ -1919,8 +1919,8 @@
 };

 extern int
- -       auth_enable P((int)),
- -       auth_disable P((int)),
+       auth_enable P((char *)),
+       auth_disable P((char *)),
        auth_status P((void));
 static int
        auth_help P((void));
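Review bot: The extern list in commands.c is a second, hand-maintained
copy of the auth_enable and auth_disable signatures, and it had to be
changed from P((int)) to P((char *)) in step with auth.c. Move these
declarations to a header included by both files so the two cannot
drift apart again.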
@@ -1959,6 +1959,12 @@
 {
     struct authlist *c;

+    if (argc < 2) {
+      fprintf(stderr,
+          "Need an argument to 'auth' command.  'auth ?' for help.\n");
+      return 0;
+    }
+
     c = (struct authlist *)
                genget(argv[1], (char **) AuthList, sizeof(struct authlist));
     if (c == 0) {
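Review bot: The new argc guard reports through fprintf(stderr, ...),
while other diagnostics in this patch, such as the "invalid
authentication type" message in auth.c, use printf. Pick one stream for
user-facing command errors. The guard itself is needed, since argv[1]
is passed to genget in the next statement.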
@@ -2015,7 +2021,7 @@
                                                EncryptEnable, 1, 1, 2 },
     { "disable", "Disable encryption. ('encrypt enable ?' for more)",
                                                EncryptDisable, 0, 1, 2 },
- -    { "type", "Set encryptiong type. ('encrypt type ?' for more)",
+    { "type", "Set encryption type. ('encrypt type ?' for more)",
                                                EncryptType, 0, 1, 1 },
     { "start", "Start encryption. ('encrypt start ?' for more)",
                                                EncryptStart, 1, 0, 1 },
@@ -2058,6 +2064,12 @@
     char *argv[];
 {
     struct encryptlist *c;
+
+    if (argc < 2) {
+       fprintf(stderr,
+           "Need an argument to 'encrypt' command.  'encrypt ?' for help.\n");
+       return 0;
+    }


     c = (struct encryptlist *)
                genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
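Review bot: This guard duplicates the one added to the auth handler
with only the command name changed, and the two bodies are indented
differently (7 columns here, 6 there). Factor it into a small helper
that takes the command name, or at least make the indentation of the
two copies agree.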
</PRE>
<HR>
The CERT Coordination Center wishes to thank Theodore Ts'o of the
Massachusetts Institute of Technology for identifying and developing a
solution to this problem. We also thank Douglas Engert of Argonne National
Laboratory for pointing out the omission in our original Appendix B.

<P>Copyright 1995, 1996 Carnegie Mellon University.</P>

<HR>

Revision History
<PRE>
Sep. 23, 1997   Updated copyright information
Aug. 30, 1996   Information previously in the README was inserted
                into the advisory.
Mar. 03, 1995   Appendix A summary list - Digital Equipment and Sequent added
                as &quot;not affected by the vulnerability&quot;
Mar. 03, 1995   This advisory superseded CA-95.03, which had a portion of the
                patch missing from Appendix B.
</PRE>