This is my first bugtraq post, If Linux in.telnetd is _supposed_ to do this or everyone already knows it does so, I hope Aleph1 doen't let it though the list. :-) This look's harmless, however it does not look like it should be 'acceptable' Heres the info on the bug: If you your 'TERM' variable to anythig that the telnet server your telnetting to does _not_ have in the terminfo database, in.telnetd coredumps. (leaving a core in /) This core file is dropped with safe permissions so only root could read it, and there is nothing that I can see 'dangerous' left in it for anyone to read. This does not appear to affect in.telnetd from some distributions. The distribution I did find affected is slackware 3.4. This does not appear to affect RedHat 4.2, any others I don't have time to try right now. -MultiSynk kgbat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:33:46 PDT