
Re: telnetd vulnerability from BUGTRAQ



On Mon, Sep 27, 2004 at 12:59:28PM +0100, Steve Kemp wrote:

> On Mon, Sep 27, 2004 at 01:17:47PM +0200, Milan Jurik wrote:
> 
> >   Yes, it's time to look at the sources and find the truth.
> 
>   This appears to have been addressed by the patch in DSA-070-1,
>  so you should be able to apply that to current sources with a small
>  amount of work.
> 
>   Although the .diff.gz file has gone from Debian's mirrors you can
>  see a proposed patch in the original Bugtraq mail:
> 
> 	http://www.securityfocus.com/archive/1/203000
> 
>   I hope that helps those who still run telnetd for whatever reason.
> 
>   (From the advisory it suggests that Debian runs telnetd as its
>  own user, so it's not a remote root at least.  Unless you have an
>  unpatched kernel or other hole available for exploitation).

As far as we are aware, it is not a remote code execution exploit at all,
but only a DoS.  See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=273694

-- 
 - mdz


