From owner-freebsd-security Thu Jul 19 10:46:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from awww.jeah.net (awww.jeah.net [216.111.239.130]) by hub.freebsd.org (Postfix) with ESMTP id CEF4437B403 for ; Thu, 19 Jul 2001 10:46:44 -0700 (PDT) (envelope-from chris@jeah.net) Received: from localhost (chris@localhost) by awww.jeah.net (8.11.4/8.11.3) with ESMTP id f6JHkxE72433; Thu, 19 Jul 2001 12:46:59 -0500 (CDT) (envelope-from chris@jeah.net) Date: Thu, 19 Jul 2001 12:46:58 -0500 (CDT) From: Chris Byrnes To: alexus Cc: Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? In-Reply-To: <005d01c1107a$b6f57a40$0d00a8c0@alexus> Message-ID: <20010719124656.S72422-100000@awww.jeah.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org yup Chris Byrnes, Managing Member JEAH Communications, LLC On Thu, 19 Jul 2001, alexus wrote: > su-2.05# cd /usr/src/libexec/telnetd/ > su-2.05# make all install > install -c -s -o root -g wheel -m 555 telnetd /usr/libexec > install -c -o root -g wheel -m 444 telnetd.8.gz /usr/share/man/man8 > su-2.05# > > hmm that's it? seems like too short compilation .. is it supposed to be l= ike > this? > > ----- Original Message ----- > From: "Chris Byrnes" > To: "alexus" > Cc: > Sent: Thursday, July 19, 2001 1:39 PM > Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? > > > root# cd /usr/src/libexec/telnetd ; make all install ; killall -HUP inetd > > > Chris Byrnes, Managing Member > JEAH Communications, LLC > > On Thu, 19 Jul 2001, alexus wrote: > > > uh. ok:) > > > > this part is done.. should i recompile telnetd now somehow? if so then > > how?:) > > > > ----- Original Message ----- > > From: "Pierre-Luc Lesp=E9rance" > > To: > > Sent: Thursday, July 19, 2001 1:28 PM > > Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? > > > > > > > alexus wrote: > > > > > > > > could you also include some sort of instruction how to apply it? > > > > > > > > thanks in advance > > > > > > > > ----- Original Message ----- > > > > From: "Ruslan Ermilov" > > > > To: "Przemyslaw Frasunek" > > > > Cc: > > > > Sent: Thursday, July 19, 2001 1:14 PM > > > > Subject: [PATCH] Re: FreeBSD remote root exploit ? > > > > > > > > > On Thu, Jul 19, 2001 at 11:03:53AM +0200, Przemyslaw Frasunek wro= te: > > > > > > > Posted to bugtraq is a notice about telnetd being remotely ro= ot > > > > > > > exploitable. Does anyone know if it is true ? > > > > > > > > > > > > Yes, telnetd is vulnerable. > > > > > > > > > > > The patch is available at: > > > > > > > > > > http://people.FreeBSD.org/~ru/telnetd.patch > > > > > > > > > > > > > > > Cheers, > > > > > -- > > > > > Ruslan Ermilov Oracle Developer/DBA, > > > > > ru@sunbay.com Sunbay Software AG, > > > > > ru@FreeBSD.org FreeBSD committer, > > > > > +380.652.512.251 Simferopol, Ukraine > > > > > > > > > > http://www.FreeBSD.org The Power To Serve > > > > > http://www.oracle.com Enabling The Information Age > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-security" in the body of the message > > > go to /usr/src/crypto/telnet/telnetd > > > and type > > > shell~# patch -p < /where/is/the/file.patch > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message