** CERT Warns Of Telnet Vulnerability
Computer Emergency Response Team officials are warning of a
serious vulnerability for those using the Telnet
terminal-emulation protocol to upload files to servers running
the Berkeley Software Design operating system.
The vulnerability, discovered by Teso, an international group of
young computer programmers and security enthusiasts, is a
remotely exploitable buffer overflow that can crash the server or
be used to gain root access to the server. A working exploit has
been posted to the BugTraq mailing list. The CERT advisory is
available at
http://update.informationweek.com/cgi-bin4/flo?y=eD2X0BcsBT0V20QX60A1 .
CERT advises Telnet daemon users to apply their vendors' patch,
if one is available. Vulnerable systems include BSDI, FreeBSD,
SGI, Linux, NetBSD, OpenBSD, Sun Microsystems, Caldera, and IBM.
It's still not determined if Hewlett-Packard or Nokia Corp.
systems are affected. Cisco's Internetworking Operating System
does not appear to be affected by this vulnerability.