[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Debian netkit telnetd vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Debian netkit telnetd vulnerability
From: Matt Zimmerman <mdz@xxxxxxxxxx>
Date: Sun, 26 Sep 2004 15:41:53 -0700

On Tue, Sep 21, 2004 at 03:11:49AM +0400, Solar Designer wrote:

> On Sat, Sep 18, 2004 at 09:57:19PM +0200, Michal Zalewski wrote:
> > Exposure:
> > 
> >   Remote root compromise through buffer handling flaws
> 
> FWIW, some (two?) distributions have privsep'ed telnetd by now, where
> the immediate impact of this flaw (if it were present there) would be
> code execution as pseudo-user "telnetd" chrooted to /var/empty. (*)

Debian's telnetd runs as user telnetd, though it does not chroot to
/var/empty.

-- 
 - mdz

References:
- Debian netkit telnetd vulnerability
  - From: Michal Zalewski
- Re: Debian netkit telnetd vulnerability
  - From: Solar Designer

Prev by Date: [FLSA-2004:1552] Updated cadaver packages that fix security vulnerabilities
Next by Date: Re: New whitepaper "The Phishing Guide"
Previous by thread: Re: Debian netkit telnetd vulnerability
Next by thread: glFTPd local stack buffer overflow
Index(es):
- Date
- Thread