Subject: Re: the telnet vulnerability - is it actually fixed?
To: John F. Woods <jfw@jfwhome.funhouse.com>
From: None <itojun@iijlab.net>
List: current-users
Date: 07/26/2001 14:26:34
>Like everyone else, it seems (:-), I did a rebuild today to make sure I have
>the telnet daemon fix to address the recent security advisory. Yet I just
>saw two "ttloop: peer died" messages a few minutes ago. I did a cvs update
>this morning, libexec/telnetd contains a bunch of files modified today, and
>telnetd has been rebuilt from those sources. Does the exploit attempt still
>kill telnetd, or is the fix insufficient?
"peer died" indicates there's some bad guy attempt to trick you
(port-scanning and such), that's all. it does not necessarily indicate
that you are hosed. as long as you have sufficient patches, you should
be okay. i guess we need to update words on advisory if they seem
ambiguous.
itojun