From: trap9 trap9
To: freebsd-security@freebsd.org
Date: Wed, 27 Jun 2012 00:17:01 +0200
Subject: BSD TelnetD Exploit on one of my servers

This is what I find on one of my servers:

It appears to be a telnet exploit code for CVE-2011-4862.

http://www.4shared.com/zip/mgSStKnU/wolverine-final.html

Richard