Bugtraq mailing list archives
Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
From: <bendik () ns htc sk>
Date: Thu, 9 Aug 2001 19:55:56 +0200 (CEST)
On Fri, 10 Aug 2001 zen-parse () gmx net wrote:
Product: netkit telnet protocol daemon, in.telnetd Version: netkit-telnet-0.17 (and previous) /usr/sbin/in.telnetd Severity: High Remote: Yes Allows: Remote ROOT level access. Workaround: Disable telnet access. Fix: Check with your vendor for an updated package.
[....]
/usr/in.telnetd <= netkit-telnet-0.17 (telnet-0.17-7 is the default in.telnetd for Redhat 7.0)
Hi, I reported segfaults of telnetd 0.17 to RedHat on July 30, they posted some fix (July 31), but haven't released advisory yet. Please check following URLs: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50335 ftp://people.redhat.com/harald/telnet-0.17-16.src.rpm Patch from RedHat in telnet-0.17-16 is bigger than one posted here, but I can't check whether it is enough (at least telnetd won't segfault). -- rado b Why Did You Reboot That Machine?
Current thread:
- ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow zen-parse (Aug 09)
- Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow bendik (Aug 09)
- <Possible follow-ups>
- Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow Paul Szabo (Aug 09)
- RE: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow Vidovic,Zvonimir,VEVEY,GL-IS/CIS (Aug 10)