Date: Thu, 26 Jul 2001 10:06:38 -0400 (EDT) From: Jim Sander <jim@federation.addy.com> Cc: FreeBSD Security <freebsd-security@FreeBSD.ORG> Subject: Re: Telnet exploit & 3.4-RELEASE Message-ID: <Pine.BSF.4.10.10107260939310.22770-100000@federation.addy.com> In-Reply-To: <Pine.GSO.4.33.0107251420100.5000-100000@wasabi.sushigoth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
With all the trouble people seem to be having with this issue- let me
run this by people more "in the know" and see if they think it is likely
to fix things at all...
1) built up a "new" 3.x box locally, and installed the source
(my production boxes don't have full source)
2) applied the patch and built the new telnetd
(it's 2K smaller than the original, so I know *something* changed)
3) copied the binary over to the production systems "manually."
4) restarted inetd
Telnet definitely functions, and the exploit doesn't seem to succeed-
but then it didn't work before either, so who knows for sure. (I'm
probably just using it improperly) It seems to me that this should confuse
at least the basest script-kiddies, and really that's what I'm most
worried about. The patch seems to involve only telnetd iteself, so my gut
says I'm golden. (or at least bronzed) Comments?
-=Jim=-
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10107260939310.22770-100000>