On two seperate i386 installations, the following problem has occured: The telnetd no longer correctly clears out utmp entries when they are no longer active. This is detectable by who, which lists current connections. Starting a telnet session and then quitting a telnet session on the machine leaves a residual utmp entry behind. Rebooting only clears the entries, it does not eliminate the problem. Console logins are unaffected, and are cleaned out normally. Likewise, xterm connections also work normally. A rpm verify on the telnetd produces the following modifications: S.5....T. The telnetd on a working machine produces no verify modifications. Reinstalling the telnet package fixes the problem. Both breakages may coorespond to a port scanning attempt, possibly on the identd port. I cannot confirm this however, as I do not have very clear time frames in which the problem may have begun. Further, the only listening services open on either box are as follows: inetd(telnet, rsh, rlogin, imapd are all tcp_wrapped and restricted to the local domain; ftp and identd are 'free'), httpd, smbd and nmbd, rwhod, and portmap. Both machines are patched up to 4/20/99 releases, and were both currently patched within two days of the start of the problem. The only log entries that coorespond to the possible time that the problem began show a possible identd port scanning attempt on the network. However, rpm verifies on login and getty packages do not seem to indicate any modified daemons. Thanks much, Dan S.
There are two problems here. 1) telnet not correctly handling utmp entries (fixed in #56). 2) the "modified telnet" problem appears to indicate that your installed telnetd is not that which comes with Red Hat.