[6085] in Kerberos

Re: Telnet vulnerability--shared library loading

daemon@ATHENA.MIT.EDU (Casper H.S. Dik - Network Security)
Wed Nov 1 05:34:51 1995

To: kerberos@MIT.EDU
Date: 1 Nov 1995 08:52:21 GMT
From: Casper.Dik@Holland.Sun.COM (Casper H.S. Dik - Network Security Engineer)

Solaris 2.5 telnetd was fixed just in time for FCS.

However, anyone running almost any alpha/beta version of Solaris 2.5
is vulnerable to this problem.

Solaris 2.4 and earlier Sun telnetds (including SunOS 4.x) did
not pass environment variables other than $TERM.

For Suns, the easiest way to check is this (using a modern telnet client):

% telnet
telnet> env define LD_PRELOAD /no-such-file
telnet> env export LD_PRELOAD
telnet> open host
Trying A.B.C.D...
Connected to host.
Escape character is '^]'.


UNIX(r) System V Release 4.0 (host)

ld.so.1: login: fatal: /no-such-file: can't open file: errno=2
Connection closed by foreign host.

(make sure you don't have a file "no-such-file" in / :-)

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
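
Added example, not part of the original post and not Sun or MIT code: a C sketch of the server-side allowlist the post describes for Solaris 2.4 and earlier, where a telnetd-style daemon passes only $TERM from the client-supplied environment on to login. The function names and the sample variables are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Names a client may set; the post says older Sun telnetds passed only TERM. */
static const char *const ALLOWED[] = { "TERM", NULL };

/* Return 1 if entry is "NAME=value" with an allowlisted NAME, else 0. */
static int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t nlen, i;

    if (eq == NULL || eq == entry)
        return 0;                 /* malformed: no '=' or empty name */
    nlen = (size_t)(eq - entry);
    for (i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == nlen && strncmp(entry, ALLOWED[i], nlen) == 0)
            return 1;             /* exact name match, so TERMCAP != TERM */
    return 0;
}

/* filter_client_env (hypothetical name): compact envp in place so only
 * allowlisted entries remain; returns the number of entries dropped. */
int filter_client_env(char **envp)
{
    char **src, **dst = envp;
    int dropped = 0;
    for (src = envp; *src != NULL; src++) {
        if (env_allowed(*src))
            *dst++ = *src;
        else
            dropped++;
    }
    *dst = NULL;
    return dropped;
}

int main(void)
{
    /* Constructed sample of variables a client might export. */
    char *env[] = { "TERM=vt100", "LD_PRELOAD=/no-such-file",
                    "LD_LIBRARY_PATH=/tmp", "TERMCAP=x", NULL };
    int dropped = filter_client_env(env);
    char **p;
    for (p = env; *p != NULL; p++)
        printf("kept: %s\n", *p);
    printf("dropped: %d\n", dropped);
    return 0;
}
```

An allowlist is used rather than a list of blocked LD_* names, so a loader variable nobody thought to block is still dropped.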
