Bug 2339 - Modified telnetd breaks utmp/wtmp
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: telnet
Version: 5.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 1999-04-23 14:21 UTC by summers
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-04-23 15:13:24 UTC
Embargoed:



Description summers 1999-04-23 14:21:28 UTC
On two separate i386 installations, the following problem
has occurred:

The telnetd no longer correctly clears out utmp entries when
they are no longer active. This is detectable by who, which
lists current connections. Starting a telnet session and
then quitting a telnet session on the machine leaves a
residual utmp entry behind. Rebooting only clears the
entries, it does not eliminate the problem. Console logins
are unaffected, and are cleaned out normally. Likewise,
xterm connections also work normally.

An rpm verify on the telnetd produces the following
modifications: S.5....T. The telnetd on a working machine
produces no verify modifications. Reinstalling the telnet
package fixes the problem.

Both breakages may correspond to a port scanning attempt,
possibly on the identd port. I cannot confirm this however,
as I do not have very clear time frames in which the problem
may have begun. Further, the only listening services open on
either box are as follows: inetd(telnet, rsh, rlogin, imapd
are all tcp_wrapped and restricted to the local domain; ftp
and identd are 'free'), httpd, smbd and nmbd, rwhod, and
portmap. Both machines are patched up to 4/20/99 releases,
and were both currently patched within two days of the start
of the problem. The only log entries that correspond to the
possible time that the problem began show a possible identd
port scanning attempt on the network. However, rpm verifies
on login and getty packages do not seem to indicate any
modified daemons.

Thanks much,

Dan S.
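
A check for the symptom reported above, as an added example that is not part of the original report or of Red Hat's code: it reads utmp records and flags login sessions whose process no longer exists. The 384-byte glibc record layout and the `make_record` helper (used only to build constructed test data) are assumptions.

```python
import os
import struct

# Assumed layout: glibc struct utmp as found on i386/x86-64 Linux (384 bytes).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
USER_PROCESS = 7  # ut_type of an active login session


def _text(raw):
    """Decode a NUL-padded utmp string field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def pid_alive(pid):
    """True if a process with this pid exists (signal 0 only probes)."""
    if pid <= 0:
        return False
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # process exists but belongs to another user
    return True


def stale_sessions(data, alive=pid_alive):
    """Return (user, line, host, pid) for sessions whose process is gone."""
    stale = []
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        rec = UTMP.unpack_from(data, off)
        ut_type, pid, line, _id, user, host = rec[:6]
        if ut_type == USER_PROCESS and not alive(pid):
            stale.append((_text(user), _text(line), _text(host), pid))
    return stale


def make_record(ut_type, pid, line, user, host):
    """Build one constructed utmp record (hypothetical helper for testing)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, 0, 0, 0, 0, 0, 0)


if __name__ == "__main__":
    with open("/var/run/utmp", "rb") as fh:
        for entry in stale_sessions(fh.read()):
            print("stale utmp entry:", *entry)
```

Run as root so that `pid_alive` can probe every session's process; a residual telnet entry shows up as a `USER_PROCESS` record on a pty line with a dead pid.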

Comment 1 Jeff Johnson 1999-04-23 15:13:59 UTC
There are two problems here.

1) telnet not correctly handling utmp entries (fixed in #56).

2) the "modified telnet" problem appears to indicate that your
installed telnetd is not that which comes with Red Hat.

