From owner-freebsd-security Thu Jul 19 10:37:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 6E0D337B401 for ; Thu, 19 Jul 2001 10:37:18 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 35428 invoked from network); 19 Jul 2001 17:37:06 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 19 Jul 2001 17:37:06 -0000 Message-ID: <004501c11079$7321d990$0d00a8c0@alexus> From: "alexus" To: =?iso-8859-1?Q?Pierre-Luc_Lesp=E9rance?= , References: <5.1.0.14.0.20010719001357.03e22638@192.168.0.12> <014d01c11031$bdab5a10$2001a8c0@clitoris> <20010719201407.B61061@sunbay.com> <003701c11077$b3125400$0d00a8c0@alexus> <3B5718A0.2B650C9C@oksala.org> Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? Date: Thu, 19 Jul 2001 13:37:14 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org uh. ok:) this part is done.. should i recompile telnetd now somehow? if so then how?:) ----- Original Message ----- From: "Pierre-Luc Lespérance" To: Sent: Thursday, July 19, 2001 1:28 PM Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? > alexus wrote: > > > > could you also include some sort of instruction how to apply it? > > > > thanks in advance > > > > ----- Original Message ----- > > From: "Ruslan Ermilov" > > To: "Przemyslaw Frasunek" > > Cc: > > Sent: Thursday, July 19, 2001 1:14 PM > > Subject: [PATCH] Re: FreeBSD remote root exploit ? > > > > > On Thu, Jul 19, 2001 at 11:03:53AM +0200, Przemyslaw Frasunek wrote: > > > > > Posted to bugtraq is a notice about telnetd being remotely root > > > > > exploitable. Does anyone know if it is true ? > > > > > > > > Yes, telnetd is vulnerable. > > > > > > > The patch is available at: > > > > > > http://people.FreeBSD.org/~ru/telnetd.patch > > > > > > > > > Cheers, > > > -- > > > Ruslan Ermilov Oracle Developer/DBA, > > > ru@sunbay.com Sunbay Software AG, > > > ru@FreeBSD.org FreeBSD committer, > > > +380.652.512.251 Simferopol, Ukraine > > > > > > http://www.FreeBSD.org The Power To Serve > > > http://www.oracle.com Enabling The Information Age > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > go to /usr/src/crypto/telnet/telnetd > and type > shell~# patch -p < /where/is/the/file.patch > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message