Re: telnetd vulnerability from BUGTRAQ

To: debian-security@lists.debian.org
Subject: Re: telnetd vulnerability from BUGTRAQ
From: Milan Jurik <M.Jurik@sh.cvut.cz>
Date: Sun, 26 Sep 2004 04:53:26 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.58.0409260443210.12432@bobek.sh.cvut.cz>
In-reply-to: <[🔎] 20040925211946.GV32311@linuxmafia.com>
References: <[🔎] Pine.LNX.4.44.0409242200160.16973-100000@herring.sandwich.net> <[🔎] 20040924221509.GF4491@infidel.spots.ab.ca> <[🔎] 20040924222453.GE28963@vnl.com> <[🔎] 20040924222812.GA3358@hezmatt.org> <[🔎] 20040924223514.GF28963@vnl.com> <[🔎] 1096078639.10826.11.camel@pitc> <[🔎] Pine.LNX.4.58.0409242337150.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925083859.GH22041@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409251409300.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925211946.GV32311@linuxmafia.com>

Hi,

On Sat, 25 Sep 2004, Rick Moen wrote:

> Quoting Richard A Nelson (cowboy@debian.org):
>
> > The point remains that while telnet/ftp should be treated as deprecated
> > when feasible, sometimes there just aren't alternatives.
>
> My entire document (http://linuxmafia.com/ssh) is devoted to documenting
> why that argument fails to hold water.  ;->  (Reminds me:  I should
> mention, there, that MVS port.)
>

  The question isn't if stop using telnet. The question is why Debian's
telnetd is still vunerable.
  Sometimes when I make large changes on my servers (sometimes a bit far
from me), I use telnetd (the ssl version, so password is a bit secure than
plain telnet) as a backup. When sshd is changed, when I modified iptables
around 22 etc. Yes, of course, I setup timeouts for those changes, but it
isn't important (reboot is a bad solution). The important question is: "Is
telnetd still supported in Debian?" Or is this security bug unreal?
  Best regards,

          Milan Jurik

Reply to:

Follow-Ups:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>

References:
- telnetd vulnerability from BUGTRAQ
  - From: James Renken <jrenken@sandwich.net>
- Re: telnetd vulnerability from BUGTRAQ
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Peter McAlpine <peter@aoeu.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>

Prev by Date: Re: telnetd vulnerability from BUGTRAQ
Next by Date: Re: telnetd vulnerability from BUGTRAQ
Previous by thread: Re: telnetd vulnerability from BUGTRAQ
Next by thread: Re: telnetd vulnerability from BUGTRAQ
Index(es):
- Date
- Thread