Bugtraq mailing list archives
Re: Telnet attack on SGI
From: ckd () loiosh kei com (Christopher Davis)
Date: Fri, 3 Nov 1995 10:31:43 -0500
-----BEGIN PGP SIGNED MESSAGE-----

 JM> == Justin Mason <jmason () iona ie>

 JM> The env vars that spring to mind as being useful across a network are:
 JM> TZ, DISPLAY and TERM.

I'd probably add TERMCAP, and of course USER which is part of the autologin stuff. (If you send USER across without also sending Kerberos authentication or whatever, you get just a password prompt... kind of like rlogin, but with all of the functionality of telnet.)

 JM> Of course, to allow future enhancements, this should be a
 JM> configurable option for the telnetd.

Most definitely.

Here's my patch to telnet-95.10.23 (probably applies to .NE too, though the line numbers might change) that implements the "only what is explicitly permitted" behavior. It's not configurable though.

The "KRB" blocking change in the "all is permitted except what's blocked" code is for people using CNS with the Borman telnetd instead of the CNS telnetd.

As with any PGP-signed patch, you'll need to trim off the "- " from some lines to make patch recognize it.

- --- sys_term.c~ Mon Oct 23 10:47:17 1995 +++ sys_term.c Thu Nov 2 10:41:40 1995 @@ -1823,10 +1823,20 @@ register char **cpp, **cpp2; for (cpp2 = cpp = environ; *cpp; cpp++) { +#ifdef INSUFFICIENTLY_PARANOID if (strncmp(*cpp, "LD_", 3) && strncmp(*cpp, "_RLD_", 5) && strncmp(*cpp, "LIBPATH=", 8) && + /* ckd addition 951102 */ + strncmp(*cpp, "KRB", 3) && strncmp(*cpp, "IFS=", 4)) +#else + if (strncmp(*cpp, "TZ=", 3) == 0 || + strncmp(*cpp, "USER=", 5) == 0 || + strncmp(*cpp, "TERM=", 5) == 0 || + strncmp(*cpp, "DISPLAY=", 8) == 0 || + strncmp(*cpp, "TERMCAP=", 8) == 0) +#endif /* INSUFFICIENTLY_PARANOID */ *cpp2++ = *cpp; } *cpp2 = 0;

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQBVAwUBMJo11Xc8OGsDgp+JAQF3RwH+MN9JxA2sgDavemluAhPtyOHY3gyIx8EL
ni9dNFHIrs5O5mVUcRdAwtNiCN2c3DMS/eIo+UWGQtYmCJ7xuesnVw==
=H3P9
-----END PGP SIGNATURE-----
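
Review bot: In the #else branch the five permitted names are hard-coded into the if condition, so changing the list means editing this expression and recompiling. A static NULL-terminated table of "NAME=" prefixes walked inside the loop would keep the default-deny behaviour, make the list easy to audit, and give a natural home for the configurable option the thread asks for. The test matches the name prefix only, so the values of TERM, TERMCAP and DISPLAY are still copied through unchanged; a length cap on accepted entries is worth considering, along with a syslog line for each variable that is dropped. The old deny-list is kept only when INSUFFICIENTLY_PARANOID is defined, which deserves a one-line comment above the #ifdef saying so. The added strncmp(*cpp, "KRB", 3) test there has no trailing "=", so it drops every variable whose name begins with KRB; that matches the LD_ test beside it but should be stated in the comment.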