[6118] in Kerberos
Re: Telnet vulnerability--shared library loading
daemon@ATHENA.MIT.EDU (Henri Karrenbeld)
Fri Nov 3 12:35:55 1995
To: kerberos@MIT.EDU
Date: 3 Nov 1995 16:11:10 GMT
From: henrikar@utctu15.ct.utwente.nl (Henri Karrenbeld)
lloth@sorron.sojourn.com (Kristopher Kortright) writes:
>Alan Schwartz (alansz@mellers1.psych.berkeley.edu) wrote:
>: Igor Chudov <ichudov@espcbw.stat.ncsu.edu> writes:
>: >For those Linux users who have not read the original message, it is quoted
>: >below.
>: >
>: >The question is: does this vulnerability affect telnetd on Linux?
>: Gee, maybe you should *read* the message?
>: It said:
>
> At the risk of sounding like an idiot, IS there indeed a fix for the
>Slackware distribution? If so, where is it or which of the others should
>I use on my network.
The debian telnetd mentioned in the CERT advisory compiles without problems
on Slackware 2.2 with 1.2.13 kernel. You also need libtelnet from the same
directory.
Get:
ftp://ftp.debian.org/debian/debian-0.93/source/net/netstd-1.21-1/telnetd.tar.gz
and libtelnet.tar.gz from the same dir; unpack both in the same dir,
type make in the created libtelnet dir, and make in the telnetd dir.
Make a copy of the old /usr/sbin/in.telnetd somewhere and type 'make install'
in the telnetd dir. Voila...You're fixed.
Furthermore, this one:
ftp://ftp.cymru.net/pub/linux/security/in.telnetd.gz
is available at least as a binary, and allegedly fixes the bug too;
I have not tried this binary, nor do I know with source it comes from.
$) Henri
--
-----------------------------------------------------------------------------
Hardware, n.:
The parts of a computer system that can be kicked.
-----------------------------------------------------------------------------
