On Wed, Jul 18, 2001 at 10:15:10PM +0200, Sebastian wrote: > TESO Security Advisory > 07/18/2001 > [...] > Multiple vendor Telnet Daemon vulnerability > > Systems Affected > =================== > > System | vulnerable | exploitable * > ----------------------------------------+--------------+------------------ > BSDI 4.x default | yes | yes > FreeBSD [2345].x default | yes | yes > IRIX 6.5 | yes | no > Linux netkit-telnetd < 0.14 | yes | ? > Linux netkit-telnetd >= 0.14 | no | > NetBSD 1.x default | yes | yes > OpenBSD 2.x | yes | ? > OpenBSD current | no | > Solaris 2.x sparc | yes | ? > <almost any other vendor's telnetd> | yes | ? > ----------------------------------------+--------------+------------------ Is there a test available that would allow verification of vulnerability on various platforms? I'm thinking of network devices like routers, do their telnet servers tend to be based on the vulnerable code base? Having to upgrade hundreds of Cisco routers, for example, would be a major nightmare, given that secure implementations of SSH on IOS have only recently become available, and the associated 50/50 chance of breaking things that comes with every IOS upgrade. Regards Steffen.
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 08:19:57 PDT