Date: Thu, 19 Jul 2001 14:03:38 -0400 (EDT) From: Igor Roshchin <str@giganda.komkon.org> To: chris@jeah.net Cc: security@FreeBSD.ORG Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? Message-ID: <200107191803.f6JI3cT14814@giganda.komkon.org> In-Reply-To: <200107191756.f6JHupL14475@giganda.komkon.org>
next in thread | previous in thread | raw e-mail | index | archive | help
PS. make depend does not help either, because make still attempts to link against the /usr/lib/libtelnet.a which causes the problem. > From str Thu Jul 19 13:57:04 2001 > Date: Thu, 19 Jul 2001 13:56:51 -0400 (EDT) > From: Igor Roshchin <str@giganda.komkon.org> > To: chris@jeah.net, ml@db.nexgen.com > Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? > Cc: security@FreeBSD.ORG > > > It is /usr/src/crypto/telnet/telnetd that is patched by the patch in question. > /usr/src/libexec/telnetd is not touched. > > So, does not seem to be incorrect. > > The correct directory would be > /usr/src/secure/libexec/telnetd > > So, > cd /usr/src/secure/libexec/telnetd > make all > make install > ... > > However, in my case (4.3-RELEASE) the compile failed, > (the patch seemed to apply cleanly). > Below is make's output. > > Igor > > ...secure/libexec/telnetd#make > Warning: Object directory not changed from original /usr/src/secure/libexec/telnetd > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -c /usr/src/secure/libexec/telnetd/../../../crypto/telnet/telnetd/global.c > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -c /usr/src/secure/libexec/telnetd/../../../crypto/telnet/telnetd/slc.c > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -c /usr/src/secure/libexec/telnetd/../../../crypto/telnet/telnetd/state.c > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -c /usr/src/secure/libexec/telnetd/../../../crypto/telnet/telnetd/sys_term.c > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -c /usr/src/secure/libexec/telnetd/../../../crypto/telnet/telnetd/telnetd.c > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -c /usr/src/secure/libexec/telnetd/../../../crypto/telnet/telnetd/termstat.c > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -c /usr/src/secure/libexec/telnetd/../../../crypto/telnet/telnetd/utility.c > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -c /usr/src/secure/libexec/telnetd/../../../crypto/telnet/telnetd/authenc.c > cc -O -pipe -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK -DAUTHENTICATION -DENCRYPTION -I/usr/src/secure/libexec/telnetd/../../../crypto/telnet -DINET6 -DNO_IDEA -o telnetd global.o slc.o state.o sys_term.o telnetd.o termstat.o utility.o authenc.o -lutil -ltermcap -L/usr/src/secure/libexec/telnetd/../../lib/libtelnet -ltelnet -lcrypto -lcrypt -lmp > /usr/lib/libtelnet.a(kerberos.o): In function `kerberos4_init': > kerberos.o(.text+0x114): undefined reference to `krb_get_default_keyfile' > /usr/lib/libtelnet.a(kerberos.o): In function `kerberos4_send': > kerberos.o(.text+0x1a6): undefined reference to `krb_get_phost' > kerberos.o(.text+0x1e3): undefined reference to `krb_realmofhost' > kerberos.o(.text+0x21a): undefined reference to `krb_mk_req' > kerberos.o(.text+0x22b): undefined reference to `krb_err_txt' > kerberos.o(.text+0x24d): undefined reference to `krb_get_cred' > kerberos.o(.text+0x25e): undefined reference to `krb_err_txt' > /usr/lib/libtelnet.a(kerberos.o): In function `kerberos4_is': > kerberos.o(.text+0x456): undefined reference to `krb_get_lrealm' > kerberos.o(.text+0x53c): undefined reference to `krb_rd_req' > kerberos.o(.text+0x56c): undefined reference to `krb_err_txt' > kerberos.o(.text+0x5a2): undefined reference to `krb_kntoln' > kerberos.o(.text+0x5c1): undefined reference to `kuserok' > /usr/lib/libtelnet.a(kerberos.o): In function `kerberos4_status': > kerberos.o(.text+0x89e): undefined reference to `kuserok' > *** Error code 1 > > Stop in /usr/src/secure/libexec/telnetd. > > > > > > > > > > Date: Thu, 19 Jul 2001 12:39:43 -0500 (CDT) > > From: Chris Byrnes <chris@jeah.net> > > To: alexus <ml@db.nexgen.com> > > Cc: <security@FreeBSD.ORG> > > Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? > > > > root# cd /usr/src/libexec/telnetd ; make all install ; killall -HUP inetd > > > > > > Chris Byrnes, Managing Member > > JEAH Communications, LLC > > > > On Thu, 19 Jul 2001, alexus wrote: > > > > > uh. ok:) > > > > > > this part is done.. should i recompile telnetd now somehow? if so then > > > how?:) > > > > > > ----- Original Message ----- > > > From: "Pierre-Luc Lespérance" <silence@oksala.org> > > > To: <security@FreeBSD.ORG> > > > Sent: Thursday, July 19, 2001 1:28 PM > > > Subject: Re: [PATCH] Re: FreeBSD remote root exploit ? > > > > > > > > > > alexus wrote: > > > > > > > > > > could you also include some sort of instruction how to apply it? > > > > > > > > > > thanks in advance > > > > > > > > > > ----- Original Message ----- > > > > > From: "Ruslan Ermilov" <ru@FreeBSD.ORG> > > > > > To: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl> > > > > > Cc: <security@FreeBSD.ORG> > > > > > Sent: Thursday, July 19, 2001 1:14 PM > > > > > Subject: [PATCH] Re: FreeBSD remote root exploit ? > > > > > > > > > > > On Thu, Jul 19, 2001 at 11:03:53AM +0200, Przemyslaw Frasunek wrote: > > > > > > > > Posted to bugtraq is a notice about telnetd being remotely root > > > > > > > > exploitable. Does anyone know if it is true ? > > > > > > > > > > > > > > Yes, telnetd is vulnerable. > > > > > > > > > > > > > The patch is available at: > > > > > > > > > > > > http://people.FreeBSD.org/~ru/telnetd.patch > > > > > > > > > > > > > > > > > > Cheers, > > > > > > -- > > > > > > Ruslan Ermilov Oracle Developer/DBA, > > > > > > ru@sunbay.com Sunbay Software AG, > > > > > > ru@FreeBSD.org FreeBSD committer, > > > > > > +380.652.512.251 Simferopol, Ukraine > > > > > > > > > > > > http://www.FreeBSD.org The Power To Serve > > > > > > http://www.oracle.com Enabling The Information Age > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > go to /usr/src/crypto/telnet/telnetd > > > > and type > > > > shell~# patch -p < /where/is/the/file.patch > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107191803.f6JI3cT14814>