Red Hat Bugzilla – Bug 409
in.telnetd can be manipulated to permit a root login by a remote user
Last modified: 2008-05-01 11:37:48 EDT
We suffered a break in that has been traced to an individual
on a remote host connecting to several of our RedHat Linux
5.0 and 5.1 Intel-based systems. The connection was via
telnet, and it appears in.telnetd was manipulated to give up
a root shell. The remote user did not have a legitimate
account on any of our systems. Redhat 5.0 Alpha systems in
the same lab were not attacked.
Several other Intel based Linux systems (both Redhat and
Slacware) at other sites on campus were succeessfully
attacked at the same time.
Before we can be concerned about a security hole, the machines must be
updated to all security errata on updates.redhat.com. If those
updates have been applied, then please reopen this bug.