From:	 Olaf Kirch <okir@caldera.de>
To:	 announce@lists.caldera.com
Subject: (Non) Vulnerability in telnetd
Date:	 Mon, 23 Jul 2001 12:45:46 +0200

A vulnerability in all BSD-derived implementations of the TELNET server
daemon was published during the weekend that allows attackers to gain
root privilege on the attacked machine.

This bug has been present in the Linux port of telnetd up to and including
netkit-telnet-0.14.

The only (supported) OpenLinux products that would be vulnerable to this
bug are OpenLinux 2.3 and OpenLinux eServer 2.3. However, we did release
a security update for these in March 2000 that brought the netkit-telnet
package to version 0.16, which is not vulnerable anymore.

We therefore encourage all users of OpenLinux 2.3 and eServer 2.3 to
apply this security patch if they haven't already done so. The fixes
are available from

OpenLinux 2.3:

ftp://ftp.caldera.com/pub/openlinux/updates/2.3/022/RPMS/netkit-telnet-0.16-1.i386.rpm

OpenLinux eServer 2.3:

ftp://ftp.caldera.com/pub/eServer/2.3/updates/2.3/007/RPMS/netkit-telnet-0.16-1.i386.rpm

Olaf Kirch
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.