[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Redhat : [RHSA-1999:029-01] Denial of service attack in in.telnetd]



------- Forwarded Message

Received: from nis.acs.uci.edu (nis.acs.uci.edu [128.200.16.34]) by hydra.acs.uci.edu (8.8.8/8.7.1) with ESMTP id KAA26311; Fri, 20 Aug 1999 10:44:23 -0700 (PDT)
Received: from bingy.acs.uci.edu (root@bingy.acs.uci.edu [128.200.34.36]) by nis.acs.uci.edu (8.8.8/) with ESMTP id KAA12821; Fri, 20 Aug 1999 10:44:13 -0700 (PDT)
Received: from nis.acs.uci.edu (strombrg@localhost [127.0.0.1]) by bingy.acs.uci.edu (8.8.8/) with ESMTP id KAA07507; Fri, 20 Aug 1999 10:44:11 -0700 (PDT)
Sender: strombrg@nis.acs.uci.edu
Message-ID: <37BD93EA.491D76D1@nis.acs.uci.edu>
Date: Fri, 20 Aug 1999 10:44:10 -0700
From: Dan Stromberg <strombrg@nis.acs.uci.edu>
X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.7 sun4u)
X-Accept-Language: ja, en
MIME-Version: 1.0
To: cmelzer@hydra.acs.uci.edu
CC: ecurtis@hydra.acs.uci.edu
Subject: [Fwd: [linux-security] [RHSA-1999:029-01] Denial of service attack in 
 in.telnetd]
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 4444


Bill Nottingham wrote:
> 
> ---------------------------------------------------------------------
>                    Red Hat, Inc. Security Advisory
> 
> Synopsis:               Denial of service attack in in.telnetd
> Advisory ID:            RHSA-1999:029-01
> Issue date:             1999-08-19
> Updated on:
> Keywords:               telnet telnetd
> Cross references:
> ---------------------------------------------------------------------
> 
> 1. Topic:
> 
> A denial of service attack has been fixed in in.telnetd.
> 
> 2. Bug IDs fixed (http://developer.redhat.com/bugzilla/):
> 
> 4560
> 
> 3. Relevant releases/architectures:
> 
> Red Hat Linux 4.2, 5.2, 6.0, all architectures
> 
> 4. Obsoleted by:
> 
> 5. Conflicts with:
> 
> 6. RPMs required:
> 
> Red Hat Linux 4.2:
> 
> Intel:
>   ftp://ftp.redhat.com/redhat/updates/4.2/i386/NetKit-B-0.09-11.i386.rpm
> 
> Alpha:
>   ftp://ftp.redhat.com/redhat/updates/4.2/alpha/NetKit-B-0.09-11.alpha.rpm
> 
> Sparc:
>   ftp://ftp.redhat.com/redhat/updates/4.2/sparc/NetKit-B-0.09-11.sparc.rpm
> 
> Source packages:
>   ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/NetKit-B-0.09-11.src.rpm
> 
> Red Hat Linux 5.2:
> 
> Intel:
>   ftp://ftp.redhat.com/redhat/updates/5.2/i386/telnet-0.10-28.5.2.i386.rpm
> 
> Alpha:
>   ftp://ftp.redhat.com/redhat/updates/5.2/alpha/telnet-0.10-28.5.2.alpha.rpm
> 
> Sparc:
>   ftp://ftp.redhat.com/redhat/updates/5.2/sparc/telnet-0.10-28.5.2.sparc.rpm
> 
> Source packages:
>   ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/telnet-0.10-28.5.2.src.rpm
> 
> Red Hat Linux 6.0:
> 
> Intel:
>   ftp://ftp.redhat.com/redhat/updates/6.0/i386/telnet-0.10-29.i386.rpm
> 
> Alpha:
>   ftp://ftp.redhat.com/redhat/updates/6.0/alpha/telnet-0.10-29.alpha.rpm
> 
> Sparc:
>   ftp://ftp.redhat.com/redhat/updates/6.0/sparc/telnet-0.10-29.sparc.rpm
> 
> Source packages:
>   ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/telnet-0.10-29.src.rpm
> 
> 7. Problem description:
> 
> in.telnetd attempts to negotiate a compatible terminal type
> between the local and remote host. By setting the TERM
> environment variable before connecting, a remote user could
> cause the system telnetd to open files it should not. Depending
> on the TERM setting used, this could lead to denial of service
> attacks.
> 
> Thanks go to Michal Zalewski and the Linux Security Audit team
> for noting this vulnerability.
> 
> 8. Solution:
> 
> For each RPM for your particular architecture, run:
> 
> rpm -Uvh <filename>
> 
> where filename is the name of the RPM.
> 
> 9. Verification:
> 
> MD5 sum                           Package Name
> --------------------------------------------------------------------------
> 0c425c34fb77a8309ff10b4143e9b847  i386/NetKit-B-0.09-11.i386.rpm
> d791d645adeb5fa0147c1058b21cbbac  alpha/NetKit-B-0.09-11.alpha.rpm
> bfbd440845191bbdcf8be21ee59bf6a8  sparc/NetKit-B-0.09-11.sparc.rpm
> ccd5ab53c423e468d66ca801c90b5ae4  SRPMS/NetKit-B-0.09-11.src.rpm
> 
> ef33f3c5ca810d05420e57b5cfcf8928  i386/telnet-0.10-28.5.2.i386.rpm
> 6dc23437a200193b0bfed23d5f5e6562  alpha/telnet-0.10-28.5.2.alpha.rpm
> 49c38457cc0a82a680fd9b9634dc8021  sparc/telnet-0.10-28.5.2.sparc.rpm
> 2f33670a683e3abef0e4914586c71961  SRPMS/telnet-0.10-28.5.2.src.rpm
> 
> 4360d47490f13d60b8737d28dc88825a  i386/telnet-0.10-29.i386.rpm
> 90213fcdca41a3ed12ab7d92344e7286  alpha/telnet-0.10-29.alpha.rpm
> 277787dbc39dff8ea84d4b16dcb7a954  sparc/telnet-0.10-29.sparc.rpm
> 269783a0754d234f7bef0f4717a8dbc2  SRPMS/telnet-0.10-29.src.rpm
> 
> These packages are PGP signed by Red Hat Inc. for security.  Our key
> is available at:
> 
> http://www.redhat.com/corp/contact.html
> 
> You can verify each package with the following command:
> 
> rpm --checksig  <filename>
> 
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
> 
> rpm --checksig --nopgp <filename>
> 
> 10. References:
> 
> --
> ----------------------------------------------------------------------
> Please refer to the information about this list as well as general
> information about Linux security at http://www.aoy.com/Linux/Security.
> ----------------------------------------------------------------------
> 
> To unsubscribe:
>   mail -s unsubscribe linux-security-request@redhat.com < /dev/null

------- End of Forwarded Message