Firewall Wizards mailing list archives
Re: recent telnet vulnerability
From: Jonas Eriksson <je () sekure net>
Date: Fri, 3 Aug 2001 09:14:22 +0200 (CEST)
On Wed, 1 Aug 2001, m p wrote:
--- Chris Keladis <Chris.Keladis () cmc cwo net au> schrieb: > m p wrote:it depends which OS you are using. The exploitable code was derived fromtheoriginal BSD code - so the assumption was made, that the OSes derived from System V (or written from scratch) are not vulnerable to _this_ buffer overflow.If FreeBSD is vulnerable, would the FW-1 IPSO Nokia devices be vulnerable as well? (and any other network-application based around *BSDs??) I know there are a few other firewalls based off FreeBSD.Hi, if on the FW-1 IPSO Nokia device the telnetd is enabled AND it is derived from the *BSD code it is vulnerable too. (I don't have any knowledge about Nokia appliances.) Ask your vendor (in this case Nokia) for updates. But why are you using telnetd on a firewall? Please try ssh :) The same thing for other vendors: Ask them! .. and if you know something, feel free about sharing your knowledge.
I can confirm that the following Nokia IPSO releases are not vulnerable to the telnetd bug: * IPSO-3.2.1-fcs1-11.24.1999-102644-849 * IPSO-3.3-FCS3-09.14.2000-234849-567 * IPSO-3.4-FCS4A-06.26.2001-235900-767 /jonas _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: recent telnet vulnerability Chris Keladis (Aug 02)
- Re: recent telnet vulnerability m p (Aug 02)
- Re: recent telnet vulnerability Jonas Eriksson (Aug 04)
- <Possible follow-ups>
- Re: recent telnet vulnerability ark (Aug 04)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability ark (Aug 11)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability m p (Aug 02)