Linux and DEC patches available for CA-95:14 Telnetd Vulnerability

[pcl () sable ox ac uk (Paul Leyland)]

-----BEGIN PGP SIGNED MESSAGE-----


I have put telnetd patches for DEC OSF/1 (aka Digital Unix) and Linux on
ftp.ox.ac.uk in /pub/comp/security/software/patches/telnetd/

I recommend most European sites get them from there, rather than going
to DEC ftp site.  Oxford has much faster and more reliable links to the
UK and the rest of Europe than most of us have to the Digital site in
the US.  I'd expect JANET sites to get 100k bytes per second and most of
Europe to achieve 20k.  Downloading the DEC kit took several attempts
spread over 18 hours and I managed only 0.4k per second.  Anyone wishing
to get DEC's own distribution should connect to ftp.service.digital.com
and get /public/osf/v3.2c/ssrt0367_c032.* but remember that DEC have not
compressed their tar file so you will need to download 640k compared
with 216k at Oxford.

Thanks are due to Malcolm Beattie for putting the Linux kit together.
It lives in /pub/comp/security/software/patches/telnetd/linux and
consists of a README, a patch for the telnetd source and a compiled
telnetd which should be ok for most Slackware distributions.

Dave Church, at DEC's Valbonne site, gave me permission to redistribute
the DEC kit.  Unsurprisingly, it lives in .../telnetd/DEC and consists
of a cover letter, a README, a BSD checksum and a gzipped tar file.  The
tarfile contains telnetd binaries for OSF/1 versions 2.0 through to 3.2c


Patch kits for other architectures will be added to ftp.ox.ac.uk as they
become available

Paul Leyland (in his OxCERT hat)



-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMJnv6KNsRd57vOpJAQER3QQAkh6979qF4YvVpxE4c/gN6I9zUG9xsAJN
Yy7QCoQTCpg2naVkIpz0LLXfB8ptLjPGgFIgEUi78lIqDD0UJ8VQge1okh+IpqFE
WrMctkHYqSWRi0LgYcqHtVNh+B7lDO0Ui6TZojWRwL4376tb7YcgU3JE1PPwsrB3
3K02Xm1w2ts=
=i8ox
-----END PGP SIGNATURE-----