Bug 409 - in.telnetd can be manipulated to permit a root login by a remote user
Summary: in.telnetd can be manipulated to permit a root login by a remote user
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: telnet
Version: 5.1
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1998-12-14 12:53 UTC by gort
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1998-12-14 14:10:22 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description gort 1998-12-14 12:53:20 UTC 
We suffered a break in that has been traced to an individual
on a remote host connecting to several of our RedHat Linux
5.0 and 5.1 Intel-based systems.  The connection was via
telnet, and it appears in.telnetd was manipulated to give up
a root shell.  The remote user did not have a legitimate
account on any of our systems.  Redhat 5.0 Alpha systems in
the same lab were not attacked.

Several other Intel based Linux systems (both Redhat and
Slacware) at other sites on campus were succeessfully
attacked at the same time.
Comment 1 Mike Wangsmo 1998-12-14 14:10:59 UTC 
Before we can be concerned about a security hole, the machines must be
updated to all security errata on updates.redhat.com.  If those
updates have been applied, then please reopen this bug.
Note You need to log in before you can comment on or make changes to this bug.