Bugtraq mailing list archives
Re: multiple vendor telnet daemon vulnerability
From: Steffen Kluge <kluge () fujitsu com au>
Date: Tue, 24 Jul 2001 16:55:49 +1000
On Wed, Jul 18, 2001 at 10:15:10PM +0200, Sebastian wrote:
TESO Security Advisory 07/18/2001 [...] Multiple vendor Telnet Daemon vulnerability Systems Affected =================== System | vulnerable | exploitable * ----------------------------------------+--------------+------------------ BSDI 4.x default | yes | yes FreeBSD [2345].x default | yes | yes IRIX 6.5 | yes | no Linux netkit-telnetd < 0.14 | yes | ? Linux netkit-telnetd >= 0.14 | no | NetBSD 1.x default | yes | yes OpenBSD 2.x | yes | ? OpenBSD current | no | Solaris 2.x sparc | yes | ? <almost any other vendor's telnetd> | yes | ? ----------------------------------------+--------------+------------------
Is there a test available that would allow verification of vulnerability on various platforms? I'm thinking of network devices like routers, do their telnet servers tend to be based on the vulnerable code base? Having to upgrade hundreds of Cisco routers, for example, would be a major nightmare, given that secure implementations of SSH on IOS have only recently become available, and the associated 50/50 chance of breaking things that comes with every IOS upgrade. Regards Steffen.
Current thread:
- multiple vendor telnet daemon vulnerability Sebastian (Jul 18)
- Re: multiple vendor telnet daemon vulnerability Steffen Kluge (Jul 24)
- Re: multiple vendor telnet daemon vulnerability Kris Kennaway (Jul 24)
- Re: multiple vendor telnet daemon vulnerability Kris Kennaway (Jul 24)
- Re: multiple vendor telnet daemon vulnerability Chad Loder (Jul 25)
- Re: multiple vendor telnet daemon vulnerability Kris Kennaway (Jul 24)
- Re: multiple vendor telnet daemon vulnerability Steffen Kluge (Jul 24)
- <Possible follow-ups>
- RE: multiple vendor telnet daemon vulnerability Paul Rogers (Jul 25)