Re: recent telnet vulnerability

[m p <sumirati () yahoo de>]

 --- Chris Keladis <Chris.Keladis () cmc cwo net au> schrieb: > m p wrote:
> > it depends which OS you are using. The exploitable code was derived from
> the
> > original BSD code - so the assumption was made, that the OSes derived from
> > System V (or written from scratch) are not vulnerable to _this_ buffer
> > overflow.
>
> If FreeBSD is vulnerable, would the FW-1 IPSO Nokia devices be
> vulnerable as well? (and any other network-application based around
> *BSDs??)
>
> I know there are a few other firewalls based off FreeBSD.

Hi,

if on the FW-1 IPSO Nokia device the telnetd is enabled AND it is derived from
the *BSD code it is vulnerable too. (I don't have any knowledge about Nokia
appliances.) Ask your vendor (in this case Nokia) for updates.

But why are you using telnetd on a firewall? Please try ssh :)

The same thing for other vendors: Ask them!
... and if you know something, feel free about sharing your knowledge.

Just my two cent

marc


__________________________________________________________________
Do You Yahoo!?
Gesendet von Yahoo! Mail - http://mail.yahoo.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards