|Summary:|Modified telnetd breaks utmp/wtmp|
|Product:|[Retired] Red Hat Linux|
|Reporter:|summers|
|Component:|telnet|
|Assignee:|David Lawrence <dkl>|
|Status:|CLOSED CURRENTRELEASE|
|Doc Type:|Bug Fix|
|Last Closed:|1999-04-23 15:13:24 UTC|
Description summers 1999-04-23 14:21:28 UTC
On two separate i386 installations, the following problem has occurred: The telnetd no longer correctly clears out utmp entries when they are no longer active. This is detectable by who, which lists current connections. Starting a telnet session and then quitting a telnet session on the machine leaves a residual utmp entry behind. Rebooting only clears the entries; it does not eliminate the problem. Console logins are unaffected, and are cleaned out normally. Likewise, xterm connections also work normally.

An rpm verify on the telnetd produces the following modifications: S.5....T. The telnetd on a working machine produces no verify modifications. Reinstalling the telnet package fixes the problem.

Both breakages may correspond to a port scanning attempt, possibly on the identd port. I cannot confirm this, however, as I do not have very clear time frames in which the problem may have begun. Further, the only listening services open on either box are as follows: inetd (telnet, rsh, rlogin, imapd are all tcp_wrapped and restricted to the local domain; ftp and identd are 'free'), httpd, smbd and nmbd, rwhod, and portmap. Both machines are patched up to 4/20/99 releases, and were both currently patched within two days of the start of the problem.

The only log entries that correspond to the possible time that the problem began show a possible identd port scanning attempt on the network. However, rpm verifies on login and getty packages do not seem to indicate any modified daemons.

Thanks much,
Dan S.
Comment 1 Jeff Johnson 1999-04-23 15:13:59 UTC
There are two problems here. 1) telnet not correctly handling utmp entries (fixed in #56). 2) the "modified telnet" problem appears to indicate that your installed telnetd is not that which comes with Red Hat.
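
To make the verify string quoted in the description easier to read, here is an added example (not part of the original report or of rpm itself) that decodes `rpm -V` attribute columns and triages each file. The sample lines and file paths are constructed for illustration; the column meanings follow rpm's documented verify output.

```python
import re

# Column order of the attribute string printed by `rpm -V`. Older rpm
# releases print 8 columns; newer ones append P (capabilities).
FLAGS = [("S", "size"), ("M", "mode"), ("5", "digest"), ("D", "device"),
         ("L", "symlink"), ("U", "owner"), ("G", "group"), ("T", "mtime"),
         ("P", "capabilities")]
VERIFY = re.compile(r"^([SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
MISSING = re.compile(r"^missing\s+(?:([cdglr])\s+)?(/.*)$")

def parse_verify_line(line):
    """Parse one line of `rpm -V` output; return None if it is not one."""
    line = line.strip()
    m = MISSING.match(line)
    if m:
        return {"path": m.group(2), "kind": m.group(1), "missing": True,
                "changed": [], "unknown": []}
    m = VERIFY.match(line)
    if not m:
        return None
    attrs, kind, path = m.groups()
    pairs = list(zip(FLAGS, attrs))
    return {"path": path, "kind": kind, "missing": False,
            # a letter/digit in its own column means that attribute differs
            "changed": [name for (ch, name), got in pairs if got == ch],
            # '?' means rpm could not perform that test
            "unknown": [name for (_, name), got in pairs if got == "?"]}

def classify(entry):
    """Rough triage: changed content on a non-config file matters most."""
    if entry["missing"]:
        return "missing"
    if {"size", "digest"} & set(entry["changed"]):
        return "config-changed" if entry["kind"] == "c" else "content-changed"
    if entry["changed"]:
        return "metadata-only"
    return "unverifiable" if entry["unknown"] else "unchanged"

# Constructed sample output; the paths are assumptions, not from the report.
SAMPLE = """\
S.5....T   /usr/sbin/in.telnetd
S.5....T c /etc/inetd.conf
.......T   /usr/bin/who
missing    /usr/bin/example
"""

if __name__ == "__main__":
    for raw in SAMPLE.splitlines():
        e = parse_verify_line(raw)
        print(classify(e), e["path"], ",".join(e["changed"]))
```

A `content-changed` result on a packaged binary means its size and digest no longer match the package database, which is the condition the comment above points to.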