[22161] in bugtraq
Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
daemon@ATHENA.MIT.EDU (bendik@ns.htc.sk)
Thu Aug 9 17:01:41 2001
Date: Thu, 9 Aug 2001 19:55:56 +0200 (CEST)
From: <bendik@ns.htc.sk>
To: <bugtraq@securityfocus.com>
In-Reply-To: <Pine.LNX.4.33.0108092348250.10117-300000@clarity.local>
Message-ID: <Pine.LNX.4.33.0108091947470.843-100000@f6f.htc.sk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Fri, 10 Aug 2001 zen-parse@gmx.net wrote:
> Product: netkit telnet protocol daemon, in.telnetd
>
> Version: netkit-telnet-0.17 (and previous) /usr/sbin/in.telnetd
>
> Severity: High
>
> Remote: Yes
>
> Allows: Remote ROOT level access.
>
> Workaround: Disable telnet access.
>
> Fix: Check with your vendor for an updated package.
[....]
>
> /usr/in.telnetd <= netkit-telnet-0.17
> (telnet-0.17-7 is the default in.telnetd for Redhat 7.0)
Hi,
I reported segfaults of telnetd 0.17 to RedHat on July 30, they
posted some fix (July 31), but haven't released advisory yet. Please
check following URLs:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50335
ftp://people.redhat.com/harald/telnet-0.17-16.src.rpm
Patch from RedHat in telnet-0.17-16 is bigger than one posted here, but I
can't check whether it is enough (at least telnetd won't segfault).
--
rado b
Why Did You Reboot That Machine?
