Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!lll-winken.llnl.gov!uwm.edu!msunews!agate!agate!usenet
From: curt@portal.ca (Curt Sampson)
Newsgroups: comp.unix.bsd.netbsd.announce
Subject: Re: CERT Advisory CA-95:14 - Telnetd Environment Vulnerability
Followup-To: poster
Date: 2 Nov 1995 21:31:16 -0800
Organization: Internet Portal Services, Ltd.
Lines: 40
Sender: cgd@agate.berkeley.edu
Approved: netbsd-announce-request@agate.berkeley.edu
Message-ID: <4793d2$6la@cynic.portal.ca>
NNTP-Posting-Host: agate.berkeley.edu
Status: RO

There's a bit of a problem with the recent CERT advisory as it relates
to the telnetd environment vulnerability and NetBSD 1.0. The
instructions given for compiling the login wrapper for NetBSD will not
fix the vulnerability.

On Wed, 1 Nov 1995, CERT Advisory wrote:

> =======================================================================
> CA-95:14 CERT Advisory
> November 1, 1995
> Telnetd Environment Vulnerability
> -----------------------------------------------------------------------
>...
> NetBSD
> ------
>...
> The login-wrapper given in the advisory can be compiled with NetBSD with:
> cc -o login-wrapper login-wrapper.c
>...
> Note 1: The wrapper must be compiled statically.

The login wrapper must indeed be compiled statically, because otherwise
a trojan version of strcmp could be substituted in an uploaded shared
library, and the wrapper would execute this. However, the instructions
for NetBSD given above compile a dynamically, not statically, linked
version. The correct command line is:

    cc -static -o hello2 hello.c

However, I suggest the best option is to download the latest version
of telnetd from ftp.netbsd.org (the files are in the directory
/pub/NetBSD/NetBSD-current/src/libexec/telnetd) and recompile and
replace /usr/libexec/telnetd. On my i386 1.0 system, the new telnetd
compiled with no problems.

cjs
--
Curt Sampson    curt@portal.ca    Info at http://www.portal.ca/
Internet Portal Services, Inc.
Vancouver, BC   (604) 257-9400    De gustibus, aut bene aut nihil.
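
The kind of environment scrub a login wrapper performs, and why it only helps in a static build, as an added example (this is not the CERT advisory's wrapper and not code from the post above). The prefix list and the names `scrub_env` and `is_unsafe` are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed, illustrative prefix list (not the advisory's): variables that
 * influence the run-time linker on common Unix systems. */
static const char *const unsafe_prefixes[] = { "LD_", "_RLD", "LIBPATH=", NULL };

/* Return 1 if the "NAME=value" entry starts with an unsafe prefix. */
static int is_unsafe(const char *entry)
{
    for (size_t i = 0; unsafe_prefixes[i] != NULL; i++) {
        /* In a dynamically linked build this strncmp call is itself resolved
         * by the run-time linker, which has already honoured the hostile
         * variables before main() runs; hence the static-link requirement. */
        if (strncmp(entry, unsafe_prefixes[i], strlen(unsafe_prefixes[i])) == 0)
            return 1;
    }
    return 0;
}

/* Compact envp in place, dropping unsafe entries; returns how many were removed. */
int scrub_env(char **envp)
{
    char **dst = envp;
    int removed = 0;
    for (char **src = envp; *src != NULL; src++) {
        if (is_unsafe(*src))
            removed++;
        else
            *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment, as telnetd might pass it on. */
    char *env[] = { "TERM=vt100", "LD_LIBRARY_PATH=/tmp", "USER=guest",
                    "LD_PRELOAD=/tmp/x.so", "_RLD_LIST=/tmp/y.so", NULL };
    printf("removed %d\n", scrub_env(env));
    for (char **p = env; *p != NULL; p++)
        puts(*p);
    /* A real wrapper would now execve() the real login with this environment. */
    return 0;
}
```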