[4078] in bugtraq
Re: in.telnetsnoopd [slackware]
daemon@ATHENA.MIT.EDU (8LGM Security Advisories)
Thu Feb 20 18:22:39 1997
Date: Thu, 20 Feb 1997 17:51:31 -0500
Reply-To: 8LGM Security Advisories <8lgm@CND.NET>
From: 8LGM Security Advisories <8lgm@CND.NET>
X-To: JS/Illz <jeff@NGBERT.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.32.19970220134334.006990f0@ngbert.res.cmu.edu>
You can download the "patch" for in.telnetsnoopd from sunsite.
you will need the old source for telnetsnoopd too..
On Thu, 20 Feb 1997, JS/Illz wrote:
> I'm not sure if this has been discussed or not, but in.telnetsnoopd is
> exploitable on my Linux Slackware 2.0.27 system.
> As most know, the standard in.telnetd was patched against the 'libroot'
> exploit that made use of the "LD_PRELOAD" command in telnet. The patch (if
> I remember correctly) blocked environment variables longer than xxxx from
> being passed as an argument as "libroot" was. Unfortunately, it seems
> someone overlooked telnetsnoop, as this is still exploitable.
> Fix:
> Edit your inetd.conf to reenable standard telnet, rather than snoop telnet.
> Snooping is bad manners anyways =).
>
>
> Jeff Sorensen <jeff@ngbert.org>
> Programming/Graphic Arts
> Admin: psionik.net/synapse
>
