UPDATE: telnetd buffer overflow vulnerability?

From: Alam, Sim <sim.alam_at_education.tas.gov.au>
Date: Fri, 27 Jul 2001 09:32:18 +1000

Hi All,

Just a quick update of some of the responses I have had so far. Thanks to
all the people who responded.

This one from Tobias Ernst scared me:
"Look here:

http://www.securityfocus.com/templates/archive.pike?list=1%3flist
 
%3d1&start=2001-07-22&fromthread=0&mid=199243&threads=0&end=2001-07-28&

(to be written in one line, of course).

Unfortunately, I was unable to find any non-affected open sourced telnet
daemon that could be used as a replacement until Compaq comes up with a
patch :-(. In case you find one, please let me - or the list - know!

Kind Regards,
Tobias."



As did this one from James Sainsbury:
"See bugtraq archives: ( http://www.securityfocus.com/archive/1/199243 )

| To: BugTraq
| Subject: Re: telnetd exploit code
| Date: Tue Jul 24 2001 13:45:42
| Author: Josh Brandt < jbrandt_at_wpi.edu >
| Message-ID: <20010724134542.H25885_at_ernie.WPI.EDU>
| In-Reply-To: <000f01c11406$0cbeba70$de9a02c4_at_mweb.com>
|
| Not like I'm any kind of major programmer, but by substituting Alpha shell
| code for x86 shell code, I can get this to do some interesting things to our
| Tru64 4.0G systems. I didn't get a rootshell, but I suspect that somebody
| who knows more of what they're doing could modify this to let them into
| Tru64 systems.
|
| Josh
|
| --
| jbrandt_at_wpi.edu
| Unix System Administrator
| Worcester Polytechnic Institute
|

I think everyone is in the same boat here (all the telnetds seem to be
Berkeley derived.)

RGDS"



This one from Benoit Lefebvre might make 5.1 users feel a bit better:
"Hi Alam,
        I have a little "test network" at home with an AlphaServer 2000,
Linux, etc.

        I compiled the exploit under Linux (RedHat 7.1) and I tested it
on the Unix (Tru64 v5.1) machine.
        Here is the result:

-----
[root_at_linux /root]# gcc -o telnetd_exploit 7350854.c
[root_at_linux /root]# ./telnetd_exploit 10.0.0.8
7350854 - x86/bsd telnetd remote root
by zip, lorian, smiler and scut.

check: FAILED
aborting
-----

        I think Tru64 v5.1 is safe but I'm not 100% sure.

        After a rapid look at the source code, the result I got is
displayed when the telnetd is not exploitable.

        --Benoit Lefebvre"


And finally this one from Dr Tom Blinn which made me feel a bit better:
"I asked our UNIX security response support team and they said this:

------- Forwarded Message

The SSRT team in the field spent most of yesterday trying to reproduce
the reported problem but did not see the buffer overflow problem. Also,
<our security engineering team> has asked some people to look into the
problem.

So, to the best of my knowledge Tru64 isn't vulnerable but testing is
continuing.

------- End of Forwarded Message

Needless to say, if we find a vulnerability, we will develop a fix
and announce its availability as soon as we are sure it addresses
the problem.

Hope this helps.

Tom"
Received on Thu Jul 26 2001 - 23:33:59 NZST
