BSDi telnetd exploitable...

From: Sean Chittenden (sean-securityfocus-incidentsat_private)
Date: Fri Jul 27 2001 - 14:34:14 PDT

  • Next message: David Kennedy CISSP: "Re: Vulernability in /cgi-bin/shopper.exe?"

    	Just an FYI, BSDi's telnetd in 4.1 and 4.2 is vulnerable to the
    telnetd exploit.  I was just brought in to clean up a small cluster of
    unfirewalled BSDi systems that fell victem (don't ask me why there
    wasn't a firewall: not my boxes).  Anyway, since then I've nuked the
    boxen and put FreeBSD+ipf on and what's interesting is that my logs show
    that the same IP that did the initial breakin is still
    scanning/attempting to connect to the port.  Looks like a poorly written
    script kiddie tool in use.  The IP address was obtainable through the
    (w|u)tmp files.  At anyrate, FYI.  -sc
    
    -- 
    Sean Chittenden
    
    
    



    This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:22:27 PDT