From: Olaf Kirch <okir@caldera.de>
To: announce@lists.caldera.com
Subject: (Non) Vulnerability in telnetd
Date: Mon, 23 Jul 2001 12:45:46 +0200

A vulnerability in all BSD-derived implementations of the TELNET server
daemon was published during the weekend that allows attackers to gain
root privilege on the attacked machine.

This bug has been present in the Linux port of telnetd up to and including
netkit-telnet-0.14.

The only (supported) OpenLinux products that would be vulnerable to this bug
are OpenLinux 2.3 and OpenLinux eServer 2.3. However, we did release a
security update for these in March 2000 that brought the netkit-telnet
package to version 0.16, which is not vulnerable anymore.

We therefore encourage all users of OpenLinux 2.3 and eServer 2.3 to apply
this security patch if they haven't already done so. The fixes are available
from

OpenLinux 2.3:
    ftp://ftp.caldera.com/pub/openlinux/updates/2.3/022/RPMS/netkit-telnet-0.16-1.i386.rpm

OpenLinux eServer 2.3:
    ftp://ftp.caldera.com/pub/eServer/2.3/updates/2.3/007/RPMS/netkit-telnet-0.16-1.i386.rpm

Olaf Kirch

--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.