[5709] in bugtraq
in.telnetd bug (linux)
daemon@ATHENA.MIT.EDU (kgb)
Wed Nov 26 21:36:35 1997
Date: Tue, 25 Nov 1997 16:00:32 +0000
Reply-To: kgb <kgb@HOBBIT.OVERLOADED.NET>
From: kgb <kgb@HOBBIT.OVERLOADED.NET>
To: BUGTRAQ@NETSPACE.ORG
This is my first bugtraq post, If Linux in.telnetd is _supposed_ to do
this or everyone already knows it does so, I hope Aleph1 doen't let it
though the list. :-)
This look's harmless, however it does not look like it should be
'acceptable' Heres the info on the bug:
If you your 'TERM' variable to anythig that the telnet server your
telnetting to does _not_ have in the terminfo database, in.telnetd
coredumps. (leaving a core in /) This core file is dropped with safe
permissions so only root could read it, and there is nothing that I can
see 'dangerous' left in it for anyone to read.
This does not appear to affect in.telnetd from some distributions.
The distribution I did find affected is slackware 3.4.
This does not appear to affect RedHat 4.2, any others I don't have time to
try right now.
-MultiSynk
kgb@hobbit.overloaded.net
