Bugtraq mailing list archives
Linux and DEC patches available for CA-95:14 Telnetd Vulnerability
From: pcl () sable ox ac uk (Paul Leyland)
Date: Fri, 3 Nov 1995 10:33:18 GMT
-----BEGIN PGP SIGNED MESSAGE----- I have put telnetd patches for DEC OSF/1 (aka Digital Unix) and Linux on ftp.ox.ac.uk in /pub/comp/security/software/patches/telnetd/ I recommend most European sites get them from there, rather than going to DEC ftp site. Oxford has much faster and more reliable links to the UK and the rest of Europe than most of us have to the Digital site in the US. I'd expect JANET sites to get 100k bytes per second and most of Europe to achieve 20k. Downloading the DEC kit took several attempts spread over 18 hours and I managed only 0.4k per second. Anyone wishing to get DEC's own distribution should connect to ftp.service.digital.com and get /public/osf/v3.2c/ssrt0367_c032.* but remember that DEC have not compressed their tar file so you will need to download 640k compared with 216k at Oxford. Thanks are due to Malcolm Beattie for putting the Linux kit together. It lives in /pub/comp/security/software/patches/telnetd/linux and consists of a README, a patch for the telnetd source and a compiled telnetd which should be ok for most Slackware distributions. Dave Church, at DEC's Valbonne site, gave me permission to redistribute the DEC kit. Unsurprisingly, it lives in .../telnetd/DEC and consists of a cover letter, a README, a BSD checksum and a gzipped tar file. The tarfile contains telnetd binaries for OSF/1 versions 2.0 through to 3.2c Patch kits for other architectures will be added to ftp.ox.ac.uk as they become available Paul Leyland (in his OxCERT hat) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMJnv6KNsRd57vOpJAQER3QQAkh6979qF4YvVpxE4c/gN6I9zUG9xsAJN Yy7QCoQTCpg2naVkIpz0LLXfB8ptLjPGgFIgEUi78lIqDD0UJ8VQge1okh+IpqFE WrMctkHYqSWRi0LgYcqHtVNh+B7lDO0Ui6TZojWRwL4376tb7YcgU3JE1PPwsrB3 3K02Xm1w2ts= =i8ox -----END PGP SIGNATURE-----
Current thread:
- Telnet attack on SGI Douglas Siebert (Nov 01)
- Re: Telnet attack on SGI Robert A. Pickering Jr. (Nov 01)
- Re: Telnet attack on SGI Joe Hentzel (Nov 01)
- Re: Telnet attack on SGI Dr. Frederick B. Cohen (Nov 01)
- Re: Telnet attack on SGI Justin Mason (Nov 02)
- Linux and DEC patches available for CA-95:14 Telnetd Vulnerability Paul Leyland (Nov 03)
- Re: Telnet attack on SGI Christopher Davis (Nov 03)
- SunOS syslog() fix, finally... Jay 'Whip' Grizzard (Nov 03)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 04)
- Re: SunOS syslog() fix, finally... Scott Barman (Nov 08)
- Re: SunOS syslog() fix, finally... Jake Luck (Nov 09)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 10)
- Re: SunOS syslog() fix, finally... Jake Luck (Nov 10)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 13)
- Re: SunOS syslog() fix, finally... Brett Lymn (Nov 13)
- ufsrestore suid root not a security hole Sean Vickery (Nov 16)