[59] in Security FYI
new security hole in SGI Irix telnetd
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Mon Aug 14 18:58:52 2000
From: mhpower@MIT.EDU
Message-Id: <20000814225847.32057.qmail@customer-care.infrastructure.org>
Date: Mon, 14 Aug 2000 18:58:47 -0400
To: security-fyi@MIT.EDU
Reply-To: net-security@MIT.EDU
-----BEGIN PGP SIGNED MESSAGE-----
A new security problem has recently been announced concerning the
standard telnetd program supplied with the SGI Irix operating system.
The problem can allow intruders to break in to your computer remotely,
gaining root access immediately. To accomplish this, an intruder would
not need any advance information about your system (e.g., they don't
need to know the name of a local account that can login via telnet).
The security problem affects all versions of the telnetd program
(/usr/etc/telnetd) supplied with an Irix distribution or any official
Irix patch, for Irix version 6.2 or later (including the current
version of Irix). As far as we know, the problem does not affect other
telnetd programs that are compiled for Irix, such as the telnetd
programs included in MIT Kerberos distributions or the telnetd
programs used on Athena workstations.
To eliminate the vulnerability, ensure that your Irix system is either
using one of this latter class of telnetd programs, or else no telnetd
program at all. For more information about reconfiguring your
computers to eliminate this new security problem, see
http://web.mit.edu/net-security/www/fyi/fyi-2000-003-telnetd.html
Please do not leave an Irix telnetd on any of your systems.
Matt Power
Network Security team, MIT Information Systems
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBOZh4M6XcG113/1BtAQFBuQP+IL+xmLidoTpQtbaissrwOZY4vuTW3aYa
K9LY18Vz3zcdneh+9TFwT/AR/ArPvEiW4N03Eqatjr0X7Hw4f92B+H3C+sI3vQ3J
hueA0HuKA4KRb16IDstqbHQkM6gcKm0fPX2zdFxvl//vAsCP/U7hF16Bj4APmR8C
HxmlrIGTRiY=
=Q3WQ
-----END PGP SIGNATURE-----
