Bugtraq mailing list archives

Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow

From: <bendik () ns htc sk>
Date: Thu, 9 Aug 2001 19:55:56 +0200 (CEST)

On Fri, 10 Aug 2001 zen-parse () gmx net wrote:

Product:     netkit telnet protocol daemon, in.telnetd

Version:     netkit-telnet-0.17 (and previous)  /usr/sbin/in.telnetd

Severity:    High

Remote:      Yes

Allows:      Remote ROOT level access.

Workaround:  Disable telnet access.

Fix:         Check with your vendor for an updated package.

[....]


 /usr/in.telnetd  <= netkit-telnet-0.17
 (telnet-0.17-7 is the default in.telnetd for Redhat 7.0)


Hi,

I reported segfaults of telnetd 0.17 to RedHat on July 30, they
posted some fix (July 31), but haven't released advisory yet. Please
check following URLs:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50335
ftp://people.redhat.com/harald/telnet-0.17-16.src.rpm


Patch from RedHat in telnet-0.17-16 is bigger than one posted here, but I
can't check whether it is enough (at least telnetd won't segfault).


-- 
rado b
        Why Did You Reboot That Machine?

Current thread:

ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow zen-parse (Aug 09)
- Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow bendik (Aug 09)
- <Possible follow-ups>
- Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow Paul Szabo (Aug 09)
- RE: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow Vidovic,Zvonimir,VEVEY,GL-IS/CIS (Aug 10)