Modernizing Authentication — What It Takes to Transform Secure Access
"According to Percival, the developers had to do it because one of the flaws, a remote root vulnerability in telnetd, was being actively exploited in the wild and that, while 'most people have moved past telnet and on to SSH by now,' the security problem was not 'an issue we could postpone until a more convenient time,'" The H Security reports.
"The telnetd advisory notes that the daemon has been disabled by default in FreeBSD since August 2001 and that, although there is no workaround, just disabling the telnetd daemon will eliminate the possibility of an attacker using it to run arbitrary code with with daemon's privileges," the article states.
Go to "FreeBSD issues five security advisories for Christmas" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.