Date: Tue, 27 Mar 2012 08:55:09 -0700
From: Geoff McDonald <Geoff_McDonald@symantec.com>
To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Telnet virus?
Message-ID: <D994A27B83832149BF7C08BFFE98DDA814E71340FF@TUS1XCHEVSPIN36.SYMC.SYMANTEC.COM>

A few days before Christmas (Dec 23, 2011) you guys pushed out a critical remote-code-execution patch affecting Telnet (FreeBSD-SA-11:08.telnetd, CVE-2011-4862), and Colin Percival noted the unusual patch timing as being forced by exploitation of the vulnerability in the wild.

Starting in December, we have seen the number of firewall hits on Port 23 TCP more than double, to around the same number of events as the pretty large Morto RDP bruteforcing worm on 3389. This level of activity could be associated with a worm. By any chance do you have more information about the exploitation of the patched Telnet vulnerability in the wild? Does anyone happen to have a sample of the worm if there is one?

I understand this issue is not specific to FreeBSD; it is just that you guys seemed to be the first people to patch the issue and were the ones to report it being actively exploited in the wild.

References:
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc

---
Geoff McDonald
Threat Analyst
Symantec Corporation