From owner-freebsd-questions  Sat Oct 17 10:23:59 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA04533
          for freebsd-questions-outgoing; Sat, 17 Oct 1998 10:23:59 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from azazel.async.org (hun-al1-02.ix.netcom.com [205.184.6.34])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA04482
          for <questions@FreeBSD.ORG>; Sat, 17 Oct 1998 10:22:54 -0700 (PDT)
          (envelope-from ysyi@async.org)
Received: from localhost (ysyi@localhost)
	by azazel.async.org (8.9.1a/8.9.1a) with SMTP id MAA30960;
	Sat, 17 Oct 1998 12:18:26 -0500
Date: Sat, 17 Oct 1998 12:18:26 -0500 (CDT)
From: "Yong S. Yi" <ysyi@async.org>
To: Oleg Semenyuk <olegs@matrix.ru>
cc: olegs@crocodile.matrix.ru, questions@FreeBSD.ORG
Subject: Re: FreeBSD-2.2.6 telnet, telnetd, rlogind - size of programm
In-Reply-To: <Pine.BSI.3.96.SK.981017143320.24978A-100000@ns.matrix.ru>
Message-ID: <Pine.LNX.3.96.981017121338.30952A-100000@azazel.async.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 17 Oct 1998, Oleg Semenyuk wrote:
>Hello all,
>
>I check now size of some programms on FreeBSD-2.2.6 and see that
>size of telnet, telnetd, rlogind, rshd and some other programms different
>for my home computer and one of work servers. ls -al for this programms,
>for example:
>
>-r-xr-xr-x bin bin 45056 Mar 25 telnetd at work
>-r-xr-xr-x bin bin 49152 Mar 25 telnetd at home
>
>nm /usr/libexec/telnetd say "no name list", and I don't know how
>investigate this problem.
>
>I installed FreeBSD-2.2.6 on both servers at Apr 98 and Sep 98, source
>from ftp.freebsd.org.
>
>Please answer about this problem. Does it mean that one of server
>vulnerable?

Well, if these are binaries straight from the installation sets, then
perhaps. If you rebuilt your system from source code, then it may have
compiled telnetd with different libs, etc, due to differing
configurations. I believe 2.2.6 is "out-of-the-box" vulnerable to the QPOP
bug (check inetd.conf), so it is very possible that someone could have
obtained illegal access to the machine this way or another, and installed
a telnetd backdoor. 

Staying up-to-date with security information is not a bad idea. At the
least, check with FreeBSD's errata list at www.FreeBSD.org, and fix any
known bugs (at the least, security bugs).

Good luck.

-ysyi


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message