Re: telnetd vulnerability from BUGTRAQ
On Sat, 25 Sep 2004, Rick Moen wrote:
> Quoting Richard A Nelson (email@example.com):
> > The point remains that while telnet/ftp should be treated as deprecated
> > when feasible, sometimes there just aren't alternatives.
> My entire document (http://linuxmafia.com/ssh) is devoted to documenting
> why that argument fails to hold water. ;-> (Reminds me: I should
> mention, there, that MVS port.)
The question isn't if stop using telnet. The question is why Debian's
telnetd is still vunerable.
Sometimes when I make large changes on my servers (sometimes a bit far
from me), I use telnetd (the ssl version, so password is a bit secure than
plain telnet) as a backup. When sshd is changed, when I modified iptables
around 22 etc. Yes, of course, I setup timeouts for those changes, but it
isn't important (reboot is a bad solution). The important question is: "Is
telnetd still supported in Debian?" Or is this security bug unreal?