From: Progeny Security Team <security@progeny.com>
To: progeny-security-announce@lists.progeny.com,
progeny-debian@lists.progeny.com, bugtraq@securityfocus.com,
linuxlist@securityportal.com
Subject: PROGENY-SA-2001-27: Remote vulnerability in telnetd
Date: Tue, 14 Aug 2001 16:26:17 -0500 (EST)
Cc: Progeny Security Team <security@progeny.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
---------------------------------------------------------------------------
PROGENY SERVICE NETWORK -- SECURITY ADVISORY PROGENY-SA-2001-27
---------------------------------------------------------------------------
Synopsis: Remote vulnerability in telnetd
Software: telnetd
History:
2001-07-18 Vulnerability announced
2001-08-14 Update available in Progeny archive
Credits: Scut <scut@nb.in-berlin.de>
Affects: Progeny Debian (telnetd prior to 0.17-14)
Progeny Only: NO
Vendor-Status: New Version Released
(telnetd_0.17-14)
$Progeny: security/advisory/PROGENY-SA-2001-27,v 1.9 2001/08/14 20:03:46 epg Exp $
---------------------------------------------------------------------------
SUMMARY
The telnetd package, the netkit telnet daemon, contains a remotely
exploitable buffer overflow in Progeny versions prior to 0.17-14.
In Progeny Debian, the telnet daemon runs as the unprivileged user
telnetd, so this is not a remote root compromise. It does, however,
allow a remote attacker to run code as the telnetd user.
telnetd is not installed by default on Progeny systems.
DETAILED DESCRIPTION
The AYT (Are You There) handling code writes its reply into a fixed-size
output buffer with sprintf() without checking the space remaining in that
buffer, so a buffer overflow can occur. A remote attacker may exploit this
to execute arbitrary code with the privileges of the telnet daemon.
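To make the bug class concrete, the following C program is an added illustration written for this advisory page; it is not netkit's telnetd source, and the buffer size, the reply text and the function names (ayt_vulnerable, ayt_hardened, run_ayt_storm) are assumptions. It models the daemon's fixed-size output buffer and a write offset into it: the vulnerable handler appends each AYT reply with an unchecked sprintf(), so a stream of AYT commands pushes the write offset past the end of the buffer, while the hardened handler computes the remaining room, refuses the write when the reply would not fit, and bounds it with snprintf(). The backing array is deliberately larger than the nominal buffer so that the demonstration itself stays within defined behaviour; the overrun is reported by comparing the final offset with the nominal size.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative model of a telnet daemon's output buffer (NOT netkit's code).
 * A real daemon keeps a fixed-size output buffer and a write pointer into it;
 * the two handlers below reproduce the bug class the advisory describes and
 * one way of closing it. All names and sizes here are assumptions. */

#define NETOBUF_SIZE 64              /* nominal capacity of the output buffer   */
#define SLACK        64              /* extra backing store so this demo never   */
                                     /* writes outside its own array            */
#define AYT_REPLY    "\r\n[Yes]\r\n" /* reply sent for IAC AYT (assumed text)   */

struct outbuf {
    char   data[NETOBUF_SIZE + SLACK];
    size_t front;                    /* offset of the next byte to be written   */
};

static void outbuf_init(struct outbuf *ob) { memset(ob, 0, sizeof *ob); }

/* Vulnerable: sprintf() appends the reply with no check against NETOBUF_SIZE.
 * Every AYT advances the write offset; enough of them run past the buffer end. */
int ayt_vulnerable(struct outbuf *ob)
{
    int n = sprintf(ob->data + ob->front, "%s", AYT_REPLY);
    ob->front += (size_t)n;
    return n;
}

/* Hardened: work out how much room is left, refuse the reply when it would not
 * fit (a real daemon would flush to the network first), and bound the write. */
int ayt_hardened(struct outbuf *ob)
{
    size_t room = NETOBUF_SIZE - ob->front;
    size_t need = strlen(AYT_REPLY) + 1;          /* +1 for the terminating NUL */
    if (need > room)
        return -1;
    int n = snprintf(ob->data + ob->front, room, "%s", AYT_REPLY);
    ob->front += (size_t)n;
    return n;
}

/* Feed `count` AYT commands through one handler and return the final write
 * offset. An offset beyond NETOBUF_SIZE means a real buffer was overrun. */
size_t run_ayt_storm(int (*handler)(struct outbuf *), int count)
{
    struct outbuf ob;
    outbuf_init(&ob);
    for (int i = 0; i < count; i++)
        if (handler(&ob) < 0)
            break;                                /* hardened path stops here */
    return ob.front;
}

int overflowed(size_t front) { return front > NETOBUF_SIZE; }

int main(void)
{
    size_t v = run_ayt_storm(ayt_vulnerable, 12);
    size_t h = run_ayt_storm(ayt_hardened, 12);
    printf("vulnerable: final offset %zu (%s)\n", v, overflowed(v) ? "OVERFLOW" : "ok");
    printf("hardened:   final offset %zu (%s)\n", h, overflowed(h) ? "OVERFLOW" : "ok");
    return 0;
}
```

Twelve AYT commands leave the vulnerable handler's offset at 108 bytes, well past the 64-byte buffer, while the hardened handler stops at 63 and returns -1 for the eighth reply. In a real daemon that -1 path would flush the buffer to the client and retry rather than drop the reply; the point is that the remaining-room check, not the choice of sprintf() versus snprintf() alone, is what keeps the write pointer inside the buffer.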
SOLUTION (See also: UPDATING VIA APT-GET)
Upgrade to a fixed version of telnetd. Version 0.17-14
corrects the problem. For your convenience, you may upgrade to the
telnetd_0.17-14 package.
UPDATING VIA APT-GET
1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's
update repository:
deb http://archive.progeny.com/progeny updates/newton/
2. Update your cache of available packages for apt(8).
Example:
# apt-get update
3. Using apt(8), install the new package. apt(8) will download the
update, verify its integrity with md5, and then install the
package on your system with dpkg(8).
Example:
# apt-get install telnetd
UPDATING VIA DPKG
1. Use your preferred FTP/HTTP client to retrieve the following
updated files from Progeny's update archive at:
http://archive.progeny.com/progeny/updates/newton/
MD5 Checksum Filename
-------------------------------- -------------------------------------
c110bf5da6723f4fcbfd2c9f2badc09f telnet_0.17-14_i386.deb
7b6381a9b08e659b1aa5a0f1d67f4bec telnetd_0.17-14_i386.deb
Example:
$ wget \
http://archive.progeny.com/progeny/updates/newton/telnetd_0.17-14_i386.deb
2. Use the md5sum(1) command on the retrieved files to verify that
they match the MD5 checksums provided in this advisory. Since the
advisory itself is PGP-signed, check its signature first so that the
checksums you compare against are themselves trustworthy:
Example:
$ md5sum telnetd_0.17-14_i386.deb
3. Then install the replacement package(s) using dpkg(8).
Example:
# dpkg --install telnetd_0.17-14_i386.deb
WORKAROUND
As an alternative to the above solution, the telnet daemon can be
disabled until the update is applied. On Progeny Debian, telnetd is
started from inetd, so comment out the telnet entry in /etc/inetd.conf
and restart inetd (or send it a SIGHUP) so that it re-reads its
configuration.
MORE INFORMATION
More information can be obtained from BUGTRAQ:
http://www.securityfocus.com/archive/1/197804
http://www.securityfocus.com/archive/1/203000
Progeny advisories can be found at http://www.progeny.com/security/.
---------------------------------------------------------------------------
pub 1024D/F92D4D1F 2001-04-04 Progeny Security Team <security@progeny.com>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
=6dRm
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7eZBZScF9I/ktTR8RAvbVAJ4qgWrcwqALGXAjNjJxavfB7TUoLACfbFGw
Ub5Muq34yXOeVifRzlwlEcc=
=dvxO
-----END PGP SIGNATURE-----
_______________________________________________
linux-security mailing list
linux-security@lists.securityportal.com
https://lists.securityportal.com/mailman/listinfo/linux-security
http://www.securityportal.com/list/linux-security/