On Tue, 25 Nov 1997, kgb wrote:
> This is my first bugtraq post, If Linux in.telnetd is _supposed_ to do
> this or everyone already knows it does so, I hope Aleph1 doen't let it
> though the list. :-)
>
> This look's harmless, however it does not look like it should be
> 'acceptable' Heres the info on the bug:
>
> If you your 'TERM' variable to anythig that the telnet server your
> telnetting to does _not_ have in the terminfo database, in.telnetd
> coredumps. (leaving a core in /) This core file is dropped with safe
> permissions so only root could read it, and there is nothing that I can
> see 'dangerous' left in it for anyone to read.
>
> This does not appear to affect in.telnetd from some distributions.
> The distribution I did find affected is slackware 3.4.
I tried this on my Slackware 3.3 system at home, so it's safe to assume
that it affects prior versions of Slackware.
Since I don't use Red Hat, I can only assume either:
A. They've corrected a bug in the in.telnetd (assuming they're using the
same code base in this one) that comes with the NetKit distribution of
in.telnetd
B. They use a completely different telnetd from a different "NetKit"
C. Tying partially into B, they wrote their own.
Likewise, I don't see how anyone could exploit this one.
- --Ian.
- ---
Ian R. Justman (ianj@calweb.com)
CalWeb Internet Services Technical Support Team
Finger ianj@calweb.com for my public PGP key.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQEVAwUBNH4Xo0yc+bfQRhUBAQGXDQgA02R6JzquYOM+xaFr0el00abn7ndObV8h
vpJBGcLo0353X40Iubms+hAoYe81ewimTj+2iea4cfwdVozrW7DAjLmWWeBlOPvH
JIICHU4JPSgDOcdPyPOXWuncE3hzvJikDcVBSedfncv+894IZ3NG1xWgYIndxR8b
lUnASvlqpkytQLAby61ReDva2TCp2hk5XX6PRXU54KXsnH4dny988a+3he8IHx6o
PGTcn1/uNhrt58jMXmo+HUG4q0VlcpuqWSKp/99M7acKLBBYzLITzaFTyX66znF8
7TEqumIOxTv4i0htVFJYXbh/wjGbuJwomV9GhXl6mIQAOyr0Zd82cQ==
=2GUs
-----END PGP SIGNATURE-----