Bugtraq mailing list archives
Mac OS X & Darwin/BSD vulnerable to telnetd overflow
From: Nathan Ollerenshaw <chrome () stupendous net>
Date: Sat, 28 Jul 2001 06:17:50 +0100
[titanium:~/desktop] chrome% ./SPtelnetAYT localhost Telnetd AYT overflow scanner, by Security Point(R) Host: localhost Connected to remote host... Sending telnet options... stand by... Telnetd on localhost vulnerable [titanium:~/desktop] chrome% telnet localhost Trying 127.0.0.1... Connected to localhost.stupendous.net. Escape character is '^]'. Darwin/BSD (titanium) (ttyp5) login: ^] telnet> close Connection closed.Note that by default telnet is disabled in /etc/inetd.conf (as are most things, except for portmapper/NFS, ugh) so the impact should be minimal. If you're not using the OpenSSH included with OS X, you're mad.
This was tested successfully on Mac OS X 10.0.4 from both the local machine, and from a remote Sparc Solaris 2.7 host.
I'd notify Apply, only I have no idea what address to use, and it's 6am and I've not slept yet (catching up to bugtraq from a 2 week holiday, wow, that Code Red thing was bad, glad I wasn't around when THAT baby hit, ho ho ho)
Nathan. -- "The computer can't tell you the emotional story. It can give you the exact mathematical design, but what's missing is the eyebrows." - Frank Zappa
Current thread:
- SCO - Telnetd AYT overflow ? KF (Jul 25)
- Mac OS X & Darwin/BSD vulnerable to telnetd overflow Nathan Ollerenshaw (Jul 28)