Date: Thu, 26 Jul 2001 10:06:38 -0400 (EDT) From: Jim Sander <jim@federation.addy.com> Cc: FreeBSD Security <freebsd-security@FreeBSD.ORG> Subject: Re: Telnet exploit & 3.4-RELEASE Message-ID: <Pine.BSF.4.10.10107260939310.22770-100000@federation.addy.com> In-Reply-To: <Pine.GSO.4.33.0107251420100.5000-100000@wasabi.sushigoth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
With all the trouble people seem to be having with this issue- let me run this by people more "in the know" and see if they think it is likely to fix things at all... 1) built up a "new" 3.x box locally, and installed the source (my production boxes don't have full source) 2) applied the patch and built the new telnetd (it's 2K smaller than the original, so I know *something* changed) 3) copied the binary over to the production systems "manually." 4) restarted inetd Telnet definitely functions, and the exploit doesn't seem to succeed- but then it didn't work before either, so who knows for sure. (I'm probably just using it improperly) It seems to me that this should confuse at least the basest script-kiddies, and really that's what I'm most worried about. The patch seems to involve only telnetd iteself, so my gut says I'm golden. (or at least bronzed) Comments? -=Jim=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10107260939310.22770-100000>