[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] Re: ALERT: remote root exploit in telnet daemon
On Thu, Aug 09, 2001 at 12:21:33PM -0700, Martin Siegert wrote:
> Topic
> =====
> remote root exploit in in.telnetd
RedHat and Caldera have issued new telnet packages that fix the remote root
exploit.
Solution
========
RedHat 6.x
----------
rpm -Fvh telnet-0.17.6x-18.i386.rpm telnet-server-0.17.6x-18.i386.rpm
RedHat 7.x
----------
rpm -Fvh telnet-0.17-18.i386.rpm telnet-server-0.17-18.i386.rpm
Caldera
-------
The upgrade procedure is somewhat complicated. I quote directly from
Caldera's advisory:
Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
OpenServer 5 All /etc/telnetd
Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/openserver/sr849876/
Required Files: telnetd.Z, libresolv.so.1.Z, libsocket.so.2.Z
Installing Fixed Binaries
Save the erg711793a.Z compressed tar archive into /tmp, and
install/upgrade the affected binaries with the following commands:
# cd /tmp
# uncompress erg711793a.Z
# tar xvf erg711793a
# uncompress telnetd
# mv /etc/telnetd /etc/telnetd.old
# cp telnetd /etc
# chown bin:bin /etc/telnetd
# chmod 711 /etc/telnetd
In addition, on any pre-5.0.6 system, or on any 5.0.6 system
without rs506a, execute the following commands:
# uncompress libsocket.so.2
# uncompress libresolv.so.1
# cp libresolv.so.1 /usr/lib
# cp libsocket.so.2 /usr/lib
# chown bin:bin /usr/lib/libresolv.so.1
# chown bin:bin /usr/lib/libsocket.so.2
# chmod 555 /usr/lib/libresolv.so.1
# chmod 555 /usr/lib/libsocket.so.2