Re: telnetd vulnerability from BUGTRAQ

To: Milan Jurik <jurikm@bobek.sh.cvut.cz>
Cc: debian-security@lists.debian.org
Subject: Re: telnetd vulnerability from BUGTRAQ
From: Steve Kemp <skx@debian.org>
Date: Mon, 27 Sep 2004 12:59:28 +0100
Message-id: <[🔎] 20040927115928.GA17215@steve.org.uk>
Reply-to: Steve Kemp <skx@debian.org>
In-reply-to: <[🔎] Pine.LNX.4.58.0409271300490.28345@bobek.sh.cvut.cz>
References: <[🔎] 20040924223514.GF28963@vnl.com> <[🔎] 1096078639.10826.11.camel@pitc> <[🔎] Pine.LNX.4.58.0409242337150.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925083859.GH22041@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409251409300.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925211946.GV32311@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409260443210.12432@bobek.sh.cvut.cz> <[🔎] 20040926183350.GL22041@linuxmafia.com> <[🔎] 20040927005837.GE24687@infidel.spots.ab.ca> <[🔎] Pine.LNX.4.58.0409271300490.28345@bobek.sh.cvut.cz>

On Mon, Sep 27, 2004 at 01:17:47PM +0200, Milan Jurik wrote:

>   Yes, it's time to look at the sources and find the truth.

  This appears to have been addressed by the patch in DSA-070-1,
 so you should be able to apply that to current sources with a small
 amount of work.

  Although the .diff.gz file has gone from Debian's mirrors you can
 see a proposed patch in the original Bugtraq mail:

	http://www.securityfocus.com/archive/1/203000

  I hope that helps those who still run telnetd for whatever reason.

  (From the advisory it suggests that Debian runs telnetd as its
 own user, so it's not a remote root at least.  Unless you have an
 unpatched kernel or other hole available for exploitation).

Steve
--

Reply to:

Follow-Ups:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Peter McAlpine <peter@aoeu.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Milan Jurik <M.Jurik@sh.cvut.cz>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Milan Jurik <jurikm@bobek.sh.cvut.cz>

Prev by Date: Re: [OT] Collective memory query
Next by Date: vulnerabilities in CVS?
Previous by thread: Re: telnetd vulnerability from BUGTRAQ
Next by thread: Re: telnetd vulnerability from BUGTRAQ
Index(es):
- Date
- Thread