Bug 2339

On two seperate i386 installations, the following problem
has occured:

The telnetd no longer correctly clears out utmp entries when
they are no longer active. This is detectable by who, which
lists current connections. Starting a telnet session and
then quitting a telnet session on the machine leaves a
residual utmp entry behind. Rebooting only clears the
entries, it does not eliminate the problem. Console logins
are unaffected, and are cleaned out normally. Likewise,
xterm connections also work normally.

A rpm verify on the telnetd produces the following
modifications: S.5....T. The telnetd on a working machine
produces no verify modifications. Reinstalling the telnet
package fixes the problem.

Both breakages may coorespond to a port scanning attempt,
possibly on the identd port. I cannot confirm this however,
as I do not have very clear time frames in which the problem
may have begun. Further, the only listening services open on
either box are as follows: inetd(telnet, rsh, rlogin, imapd
are all tcp_wrapped and restricted to the local domain; ftp
and identd are 'free'), httpd, smbd and nmbd, rwhod, and
portmap. Both machines are patched up to 4/20/99 releases,
and were both currently patched within two days of the start
of the problem. The only log entries that coorespond to the
possible time that the problem began show a possible identd
port scanning attempt on the network. However, rpm verifies
on login and getty packages do not seem to indicate any
modified daemons.

Thanks much,

Dan S.