Re: telnetd vulnerability from BUGTRAQ

To: debian-security@lists.debian.org
Subject: Re: telnetd vulnerability from BUGTRAQ
From: James Renken <jrenken@sandwich.net>
Date: Fri, 24 Sep 2004 22:33:42 +0000 (UTC)
Message-id: <[🔎] Pine.LNX.4.44.0409242230040.22647-100000@herring.sandwich.net>
In-reply-to: <[🔎] 20040924221509.GF4491@infidel.spots.ab.ca>

On Fri, 24 Sep 2004, s. keeling wrote:

> > I noticed the message below on BUGTRAQ last weekend, reporting a remote
> > root compromise in telnetd.  I haven't seen any discussion of this on the
> > list archives, nor a new DSA.  Am I missing something?
>
> Is anyone still using telnet when there's ssh?  Why?  I wouldn't even
> use it inside my own firewalled LAN.  ssh is just better.

Agreed - but some of my customers, even after I've pointed out the risks,
just don't want to go through the trouble of changing from their preferred
Telnet programs.

Given that a remote root is supposedly possible, I think this should be
looked at, no matter how rare the package's usage may be.

-- 
James Renken, System Administrator                 jrenken@sandwich.net
Sandwich.Net Internet Services  http://www.sandwich.net/  1-877-HUBWICH

Reply to:

Follow-Ups:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>

References:
- Re: telnetd vulnerability from BUGTRAQ
  - From: "s. keeling" <keeling@spots.ab.ca>

Prev by Date: Re: telnetd vulnerability from BUGTRAQ
Next by Date: Re: telnetd vulnerability from BUGTRAQ
Previous by thread: Re: telnetd vulnerability from BUGTRAQ
Next by thread: Re: telnetd vulnerability from BUGTRAQ
Index(es):
- Date
- Thread