From owner-freebsd-security  Thu Jul 19 10:53:47 2001
Delivered-To: freebsd-security@freebsd.org
Received: from woh-65-28-240-79.woh.rr.com (woh-65-28-240-79.woh.rr.com [65.28.240.79])
	by hub.freebsd.org (Postfix) with SMTP id 9252937B401
	for <security@freebsd.org>; Thu, 19 Jul 2001 10:53:39 -0700 (PDT)
	(envelope-from changty@muohio.edu)
Received: (qmail 21086 invoked by uid 1000); 19 Jul 2001 17:53:33 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 19 Jul 2001 17:53:33 -0000
Date: Thu, 19 Jul 2001 13:53:33 -0400 (EDT)
From: Tony Chang <changty@muohio.edu>
X-X-Sender:  <w@woh-65-28-240-79.woh.rr.com>
To: <security@freebsd.org>
Subject: Re: [PATCH] Re: FreeBSD remote root exploit ?
In-Reply-To: <005d01c1107a$b6f57a40$0d00a8c0@alexus>
Message-ID: <Pine.BSF.4.33.0107191349020.20999-100000@woh-65-28-240-79.woh.rr.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Make sure to delete the old obj files:

rm -r /usr/obj/usr/src/libexec/telnetd/

Then it should work.

ja~
Tony

----------
Tony Chang

http://www.muohio.edu/~changty/

"Nothing is certain or proved beyond all doubt."
--Richard Feynman

On Thu, 19 Jul 2001, alexus wrote:

> Date: Thu, 19 Jul 2001 13:46:17 -0400
> From: alexus <ml@db.nexgen.com>
> To: Chris Byrnes <chris@jeah.net>
> Cc: security@FreeBSD.ORG
> Subject: Re: [PATCH] Re: FreeBSD remote root exploit ?
>
> su-2.05# cd /usr/src/libexec/telnetd/
> su-2.05# make all install
> install -c -s -o root -g wheel -m 555   telnetd /usr/libexec
> install -c -o root -g wheel -m 444 telnetd.8.gz  /usr/share/man/man8
> su-2.05#
>
> hmm that's it? seems like too short compilation .. is it supposed to be l=
ike
> this?
>
> ----- Original Message -----
> From: "Chris Byrnes" <chris@jeah.net>
> To: "alexus" <ml@db.nexgen.com>
> Cc: <security@FreeBSD.ORG>
> Sent: Thursday, July 19, 2001 1:39 PM
> Subject: Re: [PATCH] Re: FreeBSD remote root exploit ?
>
>
> root# cd /usr/src/libexec/telnetd ; make all install ; killall -HUP inetd
>
>
> Chris Byrnes, Managing Member
> JEAH Communications, LLC
>
> On Thu, 19 Jul 2001, alexus wrote:
>
> > uh. ok:)
> >
> > this part is done.. should i recompile telnetd now somehow? if so then
> > how?:)
> >
> > ----- Original Message -----
> > From: "Pierre-Luc Lesp=E9rance" <silence@oksala.org>
> > To: <security@FreeBSD.ORG>
> > Sent: Thursday, July 19, 2001 1:28 PM
> > Subject: Re: [PATCH] Re: FreeBSD remote root exploit ?
> >
> >
> > > alexus wrote:
> > > >
> > > > could you also include some sort of instruction how to apply it?
> > > >
> > > > thanks in advance
> > > >
> > > > ----- Original Message -----
> > > > From: "Ruslan Ermilov" <ru@FreeBSD.ORG>
> > > > To: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
> > > > Cc: <security@FreeBSD.ORG>
> > > > Sent: Thursday, July 19, 2001 1:14 PM
> > > > Subject: [PATCH] Re: FreeBSD remote root exploit ?
> > > >
> > > > > On Thu, Jul 19, 2001 at 11:03:53AM +0200, Przemyslaw Frasunek wro=
te:
> > > > > > > Posted to bugtraq is a notice about telnetd being remotely ro=
ot
> > > > > > > exploitable. Does anyone know if it is true ?
> > > > > >
> > > > > > Yes, telnetd is vulnerable.
> > > > > >
> > > > > The patch is available at:
> > > > >
> > > > > http://people.FreeBSD.org/~ru/telnetd.patch
> > > > >
> > > > >
> > > > > Cheers,
> > > > > --
> > > > > Ruslan Ermilov Oracle Developer/DBA,
> > > > > ru@sunbay.com Sunbay Software AG,
> > > > > ru@FreeBSD.org FreeBSD committer,
> > > > > +380.652.512.251 Simferopol, Ukraine
> > > > >
> > > > > http://www.FreeBSD.org The Power To Serve
> > > > > http://www.oracle.com Enabling The Information Age
> > > > >
> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > with "unsubscribe freebsd-security" in the body of the message
> > > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-security" in the body of the message
> > > go to /usr/src/crypto/telnet/telnetd
> > > and type
> > > shell~# patch -p < /where/is/the/file.patch
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message