ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow (fwd)
Roman Werpachowski
roman w student.ifpan.edu.pl
Czw, 9 Sie 2001, 23:21:18 CEST
Jak my sie mamy w tym wzgledzie?
Pozdrawiam,
Romek
--
------ Roman Werpachowski ------
-- roman w student.ifpan.edu.pl --
----- Szkoła Nauk Ścisłych -----
---------- Forwarded message ----------
Date: Thu, 9 Aug 2001 19:55:56 +0200 (CEST)
From: bendik w ns.htc.sk
To: bugtraq w securityfocus.com
Subject: Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
On Fri, 10 Aug 2001 zen-parse w gmx.net wrote:
> Product: netkit telnet protocol daemon, in.telnetd
>
> Version: netkit-telnet-0.17 (and previous) /usr/sbin/in.telnetd
>
> Severity: High
>
> Remote: Yes
>
> Allows: Remote ROOT level access.
>
> Workaround: Disable telnet access.
>
> Fix: Check with your vendor for an updated package.
[....]
>
> /usr/in.telnetd <= netkit-telnet-0.17
> (telnet-0.17-7 is the default in.telnetd for Redhat 7.0)
Hi,
I reported segfaults of telnetd 0.17 to RedHat on July 30, they
posted some fix (July 31), but haven't released advisory yet. Please
check following URLs:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50335
ftp://people.redhat.com/harald/telnet-0.17-16.src.rpm
Patch from RedHat in telnet-0.17-16 is bigger than one posted here, but I
can't check whether it is enough (at least telnetd won't segfault).
--
rado b
Why Did You Reboot That Machine?
Więcej informacji o liście dyskusyjnej pld-devel-pl