[21807] in bugtraq
Re: multiple vendor telnet daemon vulnerability
daemon@ATHENA.MIT.EDU (Steffen Kluge)
Tue Jul 24 11:35:14 2001
Date: Tue, 24 Jul 2001 16:55:49 +1000
From: Steffen Kluge <kluge@fujitsu.com.au>
To: bugtraq@securityfocus.com
Cc: bugtraq@securityfocus.com
Message-ID: <20010724165549.A2217@syd0128.fujitsu.com.au>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010718221510.A16174@nb.in-berlin.de>; from scut@nb.in-berlin.de on Wed, Jul 18, 2001 at 10:15:10PM +0200
On Wed, Jul 18, 2001 at 10:15:10PM +0200, Sebastian wrote:
> TESO Security Advisory
> 07/18/2001
> [...]
> Multiple vendor Telnet Daemon vulnerability
>
> Systems Affected
> ===================
>
> System | vulnerable | exploitable *
> ----------------------------------------+--------------+------------------
> BSDI 4.x default | yes | yes
> FreeBSD [2345].x default | yes | yes
> IRIX 6.5 | yes | no
> Linux netkit-telnetd < 0.14 | yes | ?
> Linux netkit-telnetd >= 0.14 | no |
> NetBSD 1.x default | yes | yes
> OpenBSD 2.x | yes | ?
> OpenBSD current | no |
> Solaris 2.x sparc | yes | ?
> <almost any other vendor's telnetd> | yes | ?
> ----------------------------------------+--------------+------------------
Is there a test available that would allow verification of
vulnerability on various platforms? I'm thinking of network
devices like routers, do their telnet servers tend to be based
on the vulnerable code base?
Having to upgrade hundreds of Cisco routers, for example, would
be a major nightmare, given that secure implementations of SSH on
IOS have only recently become available, and the associated 50/50
chance of breaking things that comes with every IOS upgrade.
Regards
Steffen.
