Bug 2339 - Modified telnetd breaks utmp/wtmp
Product: Red Hat Linux
Classification: Retired
Component: telnet
i386 Linux
medium Severity medium
Assigned To: David Lawrence
: Security
Reported: 1999-04-23 10:21 EDT by summers
Modified: 2008-05-01 11:37 EDT
Doc Type: Bug Fix
Last Closed: 1999-04-23 11:13:24 EDT
Description summers 1999-04-23 10:21:28 EDT
On two separate i386 installations, the following problem
has occurred:

The telnetd no longer correctly clears out utmp entries when
they are no longer active. This is detectable by who, which
lists current connections. Starting a telnet session and
then quitting a telnet session on the machine leaves a
residual utmp entry behind. Rebooting only clears the
entries, it does not eliminate the problem. Console logins
are unaffected, and are cleaned out normally. Likewise,
xterm connections also work normally.

A rpm verify on the telnetd produces the following
modifications: S.5....T. The telnetd on a working machine
produces no verify modifications. Reinstalling the telnet
package fixes the problem.

Both breakages may correspond to a port scanning attempt,
possibly on the identd port. I cannot confirm this however,
as I do not have very clear time frames in which the problem
may have begun. Further, the only listening services open on
either box are as follows: inetd(telnet, rsh, rlogin, imapd
are all tcp_wrapped and restricted to the local domain; ftp
and identd are 'free'), httpd, smbd and nmbd, rwhod, and
portmap. Both machines are patched up to 4/20/99 releases,
and were both currently patched within two days of the start
of the problem. The only log entries that correspond to the
possible time that the problem began show a possible identd
port scanning attempt on the network. However, rpm verifies
on login and getty packages do not seem to indicate any
modified daemons.

Thanks much,

Dan S.
Comment 1 Jeff Johnson 1999-04-23 11:13:59 EDT
There are two problems here.

1) telnet not correctly handling utmp entries (fixed in #56).

2) the "modified telnet" problem appears to indicate that your
installed telnetd is not that which comes with Red Hat.
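
As an added example (not part of the bug report or of rpm itself), a small Python triage of `rpm -V` output lines such as the `S.5....T` result reported above. The sample lines, paths and verdict names are assumptions constructed for this example.

```python
import re

# Column order of the `rpm -V` result string. Older rpm prints 8 columns;
# newer rpm appends a 9th (P, capabilities).
COLUMNS = ["size", "mode", "digest", "device", "symlink",
           "owner", "group", "mtime", "capabilities"]
LINE = re.compile(r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
                  r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/\S.*)$")

# Constructed sample output; paths are illustrative, not from the report.
SAMPLE = """\
S.5....T   /usr/sbin/in.telnetd
S.5....T c /etc/inetd.conf
.......T   /usr/bin/who
missing    /usr/doc/telnet/README
"""


def parse_verify_line(line):
    """Return (path, attr, failed_checks), or None for a non-verify line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    flags = m.group("flags")
    if flags == "missing":
        failed = {"missing"}
    else:
        # '.' means the check passed, '?' that it could not be performed.
        failed = {COLUMNS[i] for i, ch in enumerate(flags) if ch not in ".?"}
    return m.group("path"), m.group("attr"), failed


def triage(lines):
    """Label each reported file. A digest mismatch on a file not marked as
    config (attr 'c') means the packaged content itself was replaced."""
    findings = []
    for parsed in filter(None, map(parse_verify_line, lines)):
        path, attr, failed = parsed
        if "missing" in failed:
            verdict = "missing"
        elif "digest" in failed:
            verdict = "config-edited" if attr == "c" else "content-replaced"
        else:
            verdict = "metadata-only" if failed else "unverified"
        findings.append((path, verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE.splitlines()):
        print(f"{verdict:17} {path}")
```

The comparison is only as trustworthy as the local rpm database and rpm binary performing it, so a clean result on a suspect host should be confirmed against packages from trusted media.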
