Subject: Re: telnetd core
To: Bruno Saverio Delbono <Bruno.S.Delbono@wf0.com>
From: Wojciech Puchar <wojtek@tensor.3miasto.net>
List: netbsd-users
Date: 12/29/2002 17:28:39
>
> It seems that someone is trying to use a NetBSD telnetd exploit by Team
> Teso on your box.
>
> See: http://mail-index.netbsd.org/netbsd-announce/2001/07/25/0001.html
>
> BTW - from the telnetd/utility.c source code:
>
> /* ttloop - A small subroutine to flush the network output buffer, get some
> data
>   * from the network, and pass it through the telnet state machine. We
>   * also flush the pty input buffer (by dropping its data) if it becomes
>   * too full.
> */
>
> >is telnetd exploitable??! any protection?
>
>
> See above advisory.
>
this patch doesn't work for me - 1 of 1 hunk rejected
and i can't find
!       (void) strcpy(nfrontp, "\r\n[Yes]\r\n");

to patch manually.

what's wrong

1.5.4ALPHA