Subject: Re: telnetd core
To: Wojciech Puchar <wojtek@tensor.3miasto.net>
From: Bruno Saverio Delbono <Bruno.S.Delbono@wf0.com>
List: netbsd-users
Date: 12/29/2002 04:29:49
At 11:57 AM 12/29/2002 +0100, Wojciech Puchar wrote:
>i found telnetd.core in / directory of public access machine that works
>stable for few months.
>
>in logs i found lots (every few seconds) messages like
>telnetd[9872]: ttloop: peer died: No such file or directory
>
>and lots of messages from inetd about connection to telnetd from many
>different hosts.
It seems that someone is trying to use a NetBSD telnetd exploit by Team
Teso on your box.
See: http://mail-index.netbsd.org/netbsd-announce/2001/07/25/0001.html
BTW - from the telnetd/utility.c source code:
/* ttloop - A small subroutine to flush the network output buffer, get some
data
* from the network, and pass it through the telnet state machine. We
* also flush the pty input buffer (by dropping its data) if it becomes
* too full.
*/
>is telnetd exploitable??! any protection?
See above advisory.
Note: You may wish to disable telnetd altogether as it offers no protection
over ssh.
Regards,
-Bruno
----------------------------------------------------------------------
Our company accepts no liability for the content of this email, or for
the consequences of any actions taken on the basis of the information
provided, unless that information is subsequently confirmed in
writing. If you are not the intended recipient you are notified that
disclosing, copying, distributing or taking any action in reliance on
the contents of this information is strictly prohibited.
http://www.wf0.com
----------------------------------------------------------------------