netbsd-users: Re: telnetd core

Subject: Re: telnetd core
To: Wojciech Puchar <wojtek@tensor.3miasto.net>
From: Bruno Saverio Delbono <Bruno.S.Delbono@wf0.com>
List: netbsd-users
Date: 12/30/2002 09:38:22
At 04:18 PM 12/30/2002 +0100, Wojciech Puchar wrote:
> > >different hosts.
> >
> > It seems that someone is trying to use a NetBSD telnetd exploit by Team
> > Teso on your box.
> >
> > See: http://mail-index.netbsd.org/netbsd-announce/2001/07/25/0001.html
> >
>
>this is the only response on topic and helpful. thank you.
>
>unfortunately attached patch doesn't work :(

Could you show us the output of when you apply the patch?

Have you tried updating via cvs to netbsd-1-5 branch? A cvs diff -u or cvs 
update -Pad -rnetbsd-1-5 . may bring your version up2date. Also do a cvs 
log on all files in libexec/telnetd and see if you have a commit log from 
jhawk.

Please see: http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/telnetd/telnetd.c

Also see:


Revision <telnetd.c?rev=1.20.4.htm>1.20.4.2 / (download) - annotate - 
[select for diffs], Sun Jul 29 04:13:09 2001 UTC (17 months ago) by jhawk
Branch: <./telnetd.htm>netbsd-1-5
CVS Tags: <./telnetd.htm>netbsd-1-5-PATCH003, 
<./telnetd.htm>netbsd-1-5-PATCH002
Changes since 1.20.4.1: +28 -34 lines
Diff to previous 1.20.4.1 (colored) to branchpoint 1.20 (colored) next main 
1.21 (colored)

Pull up revision 1.26 (requested by itojun):
   Security-related fixups for telnet
   Bound-check all "*nfrontp++" code.  From OpenBSD and Heimdal.
   Complain if file descriptor goes above FD_SETSIZE.  From OpenBSD.

If disabling telnetd is not an option, please consider the use of 
tcpwrappers/ipf till you have patched your system.

-Bruno


----------------------------------------------------------------------
Our company accepts no liability for the content of this email, or for
the consequences of any actions taken on the basis of the information
provided, unless that information is subsequently confirmed in
writing. If you are not the intended recipient you are notified that
disclosing, copying, distributing or taking any action in reliance on
the contents of this information is strictly prohibited.
                        http://www.wf0.com
----------------------------------------------------------------------