Date: Sun, 15 Feb 2009 06:54:41 -0800
From: FreeBSD Security Officer <cperciva@freebsd.org>
To: freebsd security <freebsd-security@freebsd.org>
Subject: HEADS UP: telnetd exploit in the wild, advisory coming soon
Message-ID: <49982CB1.5040502@freebsd.org>

Hi all,

A semi-remote root exploit for telnetd was posted to the full-disclosure
list yesterday:
http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html

Because the FreeBSD security team didn't get any advance notice of this,
we're still investigating and don't have an official advisory or patches
ready yet; we're working on it.

Some basic information from our investigation so far, subject to change as
we investigate further:

* this affects telnetd in FreeBSD 7.0-RELEASE, 7.1-RELEASE, 7-STABLE, and
  8-CURRENT.
* telnetd is disabled by default; if it is enabled, this is normally done
  via inetd(8).
* dragonflybsd is vulnerable to this exploit, but for a completely
  different reason. Don't try to use their patch -- it won't work.
* in order to exploit this, an attacker needs to put a file somewhere on
  the vulnerable system with a known path. For an attacker who already has
  non-root access, this is obviously trivial; for an attacker without an
  account it may be possible to do this by sending an email to a user on
  the system, exploiting a CGI script, uploading a file via anonymous FTP,
  etc.

I strongly recommend disabling telnetd on all FreeBSD 7.x and 8.x systems.
Check that telnetd isn't running (`ps ax | grep telnetd | grep -v grep`
should return nothing) and that it isn't enabled in inetd.conf
(`grep telnetd /etc/inetd.conf | grep -v ^#` should return nothing).

If you absolutely must run telnetd, use a firewall to restrict access to
people whom you trust with root access.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
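
The two checks recommended in the message, as an added shell example that is not part of the original e-mail or of FreeBSD's own tooling. It matches on the inetd.conf fields rather than the whole line and reports the line number and protocol of each active entry, so it can be run across several hosts; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit a host for an enabled telnetd.

# Constructed sample in inetd.conf field layout; not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
EOF
}

# Print "line:service/proto: program" for every uncommented entry whose server
# program (field 6) or argv[0] (field 7) has the basename "telnetd".
# $1 is a file path, or "-" to read stdin.
active_telnetd_entries() {
    awk '
        /^#/ { next }                       # commented-out entry
        NF >= 6 {
            for (i = 6; i <= 7 && i <= NF; i++) {
                n = split($i, parts, "/")
                if (parts[n] == "telnetd") {
                    printf "%d:%s/%s: %s\n", NR, $1, $3, $6
                    next
                }
            }
        }
    ' "$1"
}

# Exit status 0 only when no entry is active and no telnetd process is running.
telnetd_disabled() {
    [ -z "$(active_telnetd_entries "${1:-/etc/inetd.conf}")" ] || return 1
    # Same process check as in the message; [t] stops grep matching itself.
    ! ps ax | grep -q '[t]elnetd'
}

# Demonstration on the constructed sample: only the active tcp6 entry is listed.
sample_inetd_conf | active_telnetd_entries -
```

On a real host, `telnetd_disabled /etc/inetd.conf || echo "telnetd still enabled"` gives a single pass/fail result; inetd must still be told to reread its configuration after an entry is commented out.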