[6097] in Kerberos
Re: Telnet vulnerability--shared library loading
daemon@ATHENA.MIT.EDU (Alan Schwartz)
Wed Nov 1 19:26:48 1995
To: kerberos@MIT.EDU
Date: 1 Nov 1995 23:07:56 GMT
From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
Igor Chudov <ichudov@espcbw.stat.ncsu.edu> writes:
>For those Linux users who have not read the original message, it is quoted
>below.
>
>The question is: does this vulnerability affect telnetd on Linux?
Gee, maybe you should *read* the message?
It said:
* Linux. The telnetd distributed with Slackware Linux appears to be
vulnerable, although I have not verified this. The maintainers of
Debian GNU/Linux confirm their telnetd is vulnerable and released a
patch; see below. A patch is also available for Redhat Linux.
[..snip..]
* On October 19, David Borman <dab@cray.com> released a new version of
his telnet package, containing a fix to the problem. This original
patch disabled passing environment options entirely, but was revised
on October 23. The revised patch, and instructions for obtaining it
are contained at the bottom of this message. Note that this patch
does not deal with the ELF_LD_LIBRARY_PATH, although for most Linux
users, this is not a problem. The version of telnet on
net-dist.mit.edu contains this patch.
[..snip..]
* Peter Tobias, <tobias@et-inf.fho-emden.de> released a patch for
Debian GNU/Linux. This patch can be found in the networking
utilities at
ftp://ftp.debian.org/debian/debian-0.93/binary/net/netstd-1.21-1.deb.
* Erik Troan <ewt@redhat.com> confirms that Redhat Linux is
vulnerable, indicating a patch can be found at
ftp://ftp.redhat.com/pub/redhat-2.0/updates/NetKit-B-0.06-4.i386.rpm
or
ftp://ftp.pht.com/pub/linux/redhat/redhat-2.0/updates/NetKit-B-0.06-4.i386.rpm
The fix is incorporated into the Redhat 2.1 release.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Alan Schwartz | Disclaimer: I represent no one
|
alansz@cogsci.berkeley.edu | "Life is what happens to you while
UC Berkeley | you're busy making other plans"
Cognitive Psychology | - J. Lennon
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
