Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow

From: bendikat_private
Date: Thu Aug 09 2001 - 10:55:56 PDT


    On Fri, 10 Aug 2001 zen-parseat_private wrote:
    
    > Product:     netkit telnet protocol daemon, in.telnetd
    >
    > Version:     netkit-telnet-0.17 (and previous)  /usr/sbin/in.telnetd
    >
    > Severity:    High
    >
    > Remote:      Yes
    >
    > Allows:      Remote ROOT level access.
    >
    > Workaround:  Disable telnet access.
    >
    > Fix:         Check with your vendor for an updated package.
    [....]
    >
    >  /usr/in.telnetd  <= netkit-telnet-0.17
    >  (telnet-0.17-7 is the default in.telnetd for Redhat 7.0)
    
    Hi,
    
    I reported segfaults of telnetd 0.17 to RedHat on July 30; they
    posted some fix (July 31), but haven't released an advisory yet. Please
    check the following URLs:
    
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50335
    ftp://people.redhat.com/harald/telnet-0.17-16.src.rpm
    
    
    The patch from RedHat in telnet-0.17-16 is bigger than the one posted here, but I
    can't check whether it is enough (at least telnetd won't segfault).
    
    
    -- 
    rado b
    	Why Did You Reboot That Machine?
    


