[36756] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Debian netkit telnetd vulnerability

daemon@ATHENA.MIT.EDU (Matt Zimmerman)
Wed Sep 29 20:51:16 2004

Date: Sun, 26 Sep 2004 15:41:53 -0700
From: Matt Zimmerman <mdz@debian.org>
To: bugtraq@securityfocus.com
Message-ID: <20040926224152.GC4726@alcor.net>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040920231149.GA1565@openwall.com>

On Tue, Sep 21, 2004 at 03:11:49AM +0400, Solar Designer wrote:

> On Sat, Sep 18, 2004 at 09:57:19PM +0200, Michal Zalewski wrote:
> > Exposure:
> > 
> >   Remote root compromise through buffer handling flaws
> 
> FWIW, some (two?) distributions have privsep'ed telnetd by now, where
> the immediate impact of this flaw (if it were present there) would be
> code execution as pseudo-user "telnetd" chrooted to /var/empty. (*)

Debian's telnetd runs as user telnetd, though it does not chroot to
/var/empty.

-- 
 - mdz


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[36756] in bugtraq

Re: Debian netkit telnetd vulnerability

daemon@ATHENA.MIT.EDU (Matt Zimmerman)Wed Sep 29 20:51:16 2004

daemon@ATHENA.MIT.EDU (Matt Zimmerman)
Wed Sep 29 20:51:16 2004