Re: multiple vendor telnet daemon vulnerability

[Steffen Kluge <kluge () fujitsu com au>]

On Wed, Jul 18, 2001 at 10:15:10PM +0200, Sebastian wrote:
> TESO Security Advisory
> 07/18/2001
> [...]
> Multiple vendor Telnet Daemon vulnerability
>
> Systems Affected
> ===================
>
>     System                                  | vulnerable   | exploitable *
>     ----------------------------------------+--------------+------------------
>     BSDI 4.x default                        |      yes     |       yes
>     FreeBSD [2345].x default                |      yes     |       yes
>     IRIX 6.5                                |      yes     |        no
>     Linux netkit-telnetd < 0.14             |      yes     |        ?
>     Linux netkit-telnetd >= 0.14            |       no     |
>     NetBSD 1.x default                      |      yes     |       yes
>     OpenBSD 2.x                             |      yes     |        ?
>     OpenBSD current                         |       no     |
>     Solaris 2.x sparc                       |      yes     |        ?
>     <almost any other vendor's telnetd>     |      yes     |        ?
>     ----------------------------------------+--------------+------------------

Is there a test available that would allow verification of
vulnerability on various platforms? I'm thinking of network
devices like routers, do their telnet servers tend to be based
on the vulnerable code base?

Having to upgrade hundreds of Cisco routers, for example, would
be a major nightmare, given that secure implementations of SSH on
IOS have only recently become available, and the associated 50/50
chance of breaking things that comes with every IOS upgrade.

Regards
Steffen.