Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: recent telnet vulnerability

From: Jonas Eriksson <je () sekure net>
Date: Fri, 3 Aug 2001 09:14:22 +0200 (CEST)
On Wed, 1 Aug 2001, m p wrote:


 --- Chris Keladis <Chris.Keladis () cmc cwo net au> schrieb: > m p wrote:



it depends which OS you are using. The exploitable code was derived from

the

original BSD code - so the assumption was made, that the OSes derived from
System V (or written from scratch) are not vulnerable to _this_ buffer
overflow.


If FreeBSD is vulnerable, would the FW-1 IPSO Nokia devices be
vulnerable as well? (and any other network-application based around
*BSDs??)

I know there are a few other firewalls based off FreeBSD.





Hi,

if on the FW-1 IPSO Nokia device the telnetd is enabled AND it is derived from
the *BSD code it is vulnerable too. (I don't have any knowledge about Nokia
appliances.) Ask your vendor (in this case Nokia) for updates.

But why are you using telnetd on a firewall? Please try ssh :)

The same thing for other vendors: Ask them!
.. and if you know something, feel free about sharing your knowledge.




I can confirm that the following Nokia IPSO releases are not vulnerable to
the telnetd bug:

* IPSO-3.2.1-fcs1-11.24.1999-102644-849 
* IPSO-3.3-FCS3-09.14.2000-234849-567 
* IPSO-3.4-FCS4A-06.26.2001-235900-767 


/jonas

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: