Bugtraq mailing list archives
Re: Telnet attack on SGI
From: jmason () iona ie (Justin Mason)
Date: Thu, 2 Nov 1995 12:27:04 +0000
Douglas Siebert says:
There are two ways I know of to protect against this attack until SGI has a patch ready. One would be to write a wrapper that removes "dangerous" environment variables. Obviously, figuring out which ones are dangerous is the trick! Certainly anything that starts LD_ or _RLD should be removed. But there may always be others you don't know about.
There are a profusion of various *LD* environment variables to watch out for on each different platform, along with other similar dodgy vars; every time a vendor comes out with a major release, a new LD_whatever var seems to be created. :( I think a little firewall philosophy should be used here, namely deny unless explicitly permitted.

Anyway, most env vars are not portable across a network, unless you've got a pretty homogeneous LAN; for example, in my environment I've got XMBINDDIR, XUSERFILESEARCHPATH, ftp_proxy, http_proxy, XAPPLRESDIR, XBMLANGPATH, PGPPATH, PATH and OSTYPE. If all these env vars suddenly got propagated to, for example, my login at my old university, most of them would be useless, or even disruptive in their effects.

The env vars that spring to mind as being useful across a network are: TZ, DISPLAY and TERM. Of course, to allow future enhancements, this should be a configurable option for the telnetd.

Opinions?

--j.
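The two policies the thread contrasts, a wrapper that strips known-dangerous prefixes (LD_, _RLD) versus a deny-unless-explicitly-permitted allowlist of TZ, DISPLAY and TERM, side by side as an added example that is not code from this post or from any telnetd; the sample client environment and the name HYPOTHETICAL_LOADER_PATH are constructed stand-ins for a loader variable the denylist has never heard of.

```c
#include <stdio.h>
#include <string.h>

/* Allowlist: the variables Mason names as useful across a network. */
static const char *const allowed[] = { "TZ", "DISPLAY", "TERM", NULL };
/* Denylist prefixes from Siebert's note, kept here for comparison only. */
static const char *const denied_prefixes[] = { "LD_", "_RLD", NULL };

/* Length of the NAME part of a "NAME=value" entry. */
static size_t name_len(const char *kv) {
    const char *eq = strchr(kv, '=');
    return eq ? (size_t)(eq - kv) : strlen(kv);
}

/* Denylist policy: pass everything except names with a known-bad prefix. */
int denylist_allows(const char *kv) {
    size_t n = name_len(kv);
    for (int i = 0; denied_prefixes[i]; i++) {
        size_t p = strlen(denied_prefixes[i]);
        if (n >= p && strncmp(kv, denied_prefixes[i], p) == 0) return 0;
    }
    return 1;
}

/* Allowlist policy: deny unless the full name is explicitly permitted. */
int allowlist_allows(const char *kv) {
    size_t n = name_len(kv);
    for (int i = 0; allowed[i]; i++)
        if (strlen(allowed[i]) == n && strncmp(kv, allowed[i], n) == 0) return 1;
    return 0;
}

/* Copy entries of envp that pass policy into out (NULL-terminated); returns the count. */
size_t filter_env(char *const envp[], int (*policy)(const char *),
                  const char *out[], size_t max) {
    size_t k = 0;
    for (size_t i = 0; envp[i] && k + 1 < max; i++)
        if (policy(envp[i])) out[k++] = envp[i];
    out[k] = NULL;
    return k;
}

/* Constructed sample environment a client might send; HYPOTHETICAL_LOADER_PATH is
   a made-up stand-in for a loader variable nobody has put on a denylist yet. */
static char *const sample_env[] = {
    "TERM=xterm", "DISPLAY=:0", "TZ=GMT", "LD_LIBRARY_PATH=/some/dir",
    "_RLD_LIST=/some/lib.so", "HYPOTHETICAL_LOADER_PATH=/some/dir", "PATH=/bin", NULL };

int main(void) {
    const char *kept[16];
    size_t n = filter_env(sample_env, denylist_allows, kept, 16);
    printf("denylist keeps %zu entries (the unknown loader var slips through)\n", n);
    n = filter_env(sample_env, allowlist_allows, kept, 16);
    printf("allowlist keeps %zu entries: TZ, DISPLAY, TERM only\n", n);
    return 0;
}
```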