netbsd-bugs: Re: telnetd/shared-libraries bug fixed in 1.1 ?

Subject: Re: telnetd/shared-libraries bug fixed in 1.1 ?
To: Netbsd Mailing List <netbsd@vu.com>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: netbsd-bugs
Date: 12/07/1995 19:03:35
On Thu, 7 Dec 1995 19:21:56 -0700 (MST) 
 Netbsd Mailing List <netbsd@vu.com> wrote:

 > i came across a note in the bugtraq mailing list that uncovered a security
 > flaw in various implementations of telnetd using shared libraries. from
 > what i can tell, it appears to exist in 1.1, which is strange because i
 > thought it was fixed quite a while ago.
 > if readers require the article, i can find it and post/mail.

I think there was a CERT advisory, if that's what you're referring to.  
It certainly doesn't appear to exist on my systems ... below is a 
transcript I _just_ ran to check.  The version says 1.0A, but that's 
because through the release cycle, I continued using the development 
trunk on this particular system.

--------------------------------------------------------------------------
Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939

-----snip-----
Script started on Thu Dec  7 19:06:47 1995
antie (thorpej) ~ 101% uname -a
NetBSD antie 1.0A NetBSD 1.0A (ANTIE) #391: Tue Nov 21 16:35:24 PST 1995     thorpej@antie:/work/netbsd/src/sys/arch/i386/compile/ANTIE i386
antie (thorpej) ~ 102% setenv LD_LIBRARY_PATH /usr/lib:/usr/local/lib
antie (thorpej) ~ 103% telnet localhost
Trying 127.0.0.1...
Connected to localhost.nas.nasa.gov.
Escape character is '^]'.

------------------------------------------------------------------------------
You are connected to a U.S. government computer system.  Any unauthorized
attempt to gain access to this system may subject you to fine or imprisonment.
------------------------------------------------------------------------------

NetBSD/i386 (antie) (ttyp3)

login: thorpej
Password:
Last login: Thu Dec  7 19:06:09 from localhost
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.   All rights reserved.

NetBSD 1.0A (ANTIE) #391: Tue Nov 21 16:35:24 PST 1995

Terminal type? [xterms]
Display? [lestat.nas.nasa.gov:0]
 7:07PM  up 16 days,  2:31, 5 users, load averages: 0.28, 0.15, 0.10
users: thorpej
antie (thorpej) ~ 101% echo $LD_LIBRARY_PATH
LD_LIBRARY_PATH: Undefined variable.
antie (thorpej) ~ 102% exit
logout
Connection closed by foreign host.
antie (thorpej) ~ 104% exit
exit

Script done on Thu Dec  7 19:07:51 1995