SCO - Telnetd AYT overflow ?

From: KF (dotslashat_private)
Date: Wed Jul 25 2001 - 00:44:46 PDT

Next message: der Mouse: "Re: Telnetd AYT overflow scanner"

Previous message: Josh Brandt: "Re: telnetd exploit code (Tru64)"
Next in thread: Nathan Ollerenshaw: "Mac OS X & Darwin/BSD vulnerable to telnetd overflow"
Reply: Nathan Ollerenshaw: "Mac OS X & Darwin/BSD vulnerable to telnetd overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Based on the results from the Telnet AYT scanner provided by 
infoat_private SCO OpenServer may be vulnerable. tested versions 
5.0.5 and 5.0.6.

Can Caldera or perhaps someone else verify this? 

[elguapo@linux elguapo]$ ./tel 10.102.31.26
Telnetd AYT overflow scanner, by Security Point(R)
Host: 10.102.31.26
Connected to remote host...
Sending telnet options... stand by...
Telnetd on 10.102.31.26 vulnerable

[elguapo@linux elguapo]$ telnet 10.102.31.26
Trying 10.102.31.26...
Connected to 10.102.31.26.
Escape character is '^]'.
 
SCO OpenServer(TM) Release 5 (unixdev.ckfr.com) (ttyp7)
Welcome to UnixDev
 
login:
elnet> quit
Connection closed.

-KF

Next message: der Mouse: "Re: Telnetd AYT overflow scanner"
Previous message: Josh Brandt: "Re: telnetd exploit code (Tru64)"
Next in thread: Nathan Ollerenshaw: "Mac OS X & Darwin/BSD vulnerable to telnetd overflow"
Reply: Nathan Ollerenshaw: "Mac OS X & Darwin/BSD vulnerable to telnetd overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 13:48:20 PDT