Subject: Re: the telnet vulnerability - is it actually fixed?
To: John F. Woods <firstname.lastname@example.org>
From: David Maxwell <email@example.com>
Date: 07/26/2001 13:12:55

On Thu, Jul 26, 2001 at 12:34:36AM -0400, John F. Woods wrote:
> Like everyone else, it seems (:-), I did a rebuild today to make sure I have
> the telnet daemon fix to address the recent security advisory. Yet I just
> saw two "ttloop: peer died" messages a few minutes ago. I did a cvs update
> this morning, libexec/telnetd contains a bunch of files modified today, and
> telnetd has been rebuilt from those sources. Does the exploit attempt still
> kill telnetd, or is the fix insufficient?
> Thank goodness I installed tripwire today, too...

'peer died' messages are generated easily by telnetting and hitting
Ctrl-D at the login prompt. It either means someone tried to log in and
gave up, or someone was testing your machine.

In all testing of the exploit that I did, you would see a 'No such file
or Directory' for any attempted or successful exploit.
(Of course, after a successful exploit, the intruder can clean that out
of the logs...)

David Maxwell, firstname.lastname@example.orgemail@example.com
All this stuff in twice the space would only look half as bad!