Risks
Vulnerabilities
Browse by
Mac OS X & Darwin/BSD telnetd overflow
30 July 2001
Bookmark and Share
[titanium:~/desktop] chrome% ./SPtelnetAYT localhost
Telnetd AYT overflow scanner, by Security Point(R)
Host: localhost
Connected to remote host...
Sending telnet options... stand by...
Telnetd on localhost vulnerable
[titanium:~/desktop] chrome% telnet localhost
Trying 127.0.0.1...
Connected to localhost.stupendous.net.
Escape character is '^]'.

Darwin/BSD (titanium) (ttyp5)

login: ^]
telnet> close
Connection closed.

Note that by default telnet is disabled in /etc/inetd.conf (as are most things, except for portmapper/NFS, ugh) so the impact should be minimal. If you're not using the OpenSSH included with OS X, you're mad.

This was tested successfully on Mac OS X 10.0.4 from both the local machine, and from a remote Sparc Solaris 2.7 host.

I'd notify Apply, only I have no idea what address to use, and it's 6am and I've not slept yet (catching up to bugtraq from a 2 week holiday, wow, that Code Red thing was bad, glad I wasn't around when THAT baby hit, ho ho ho)

Nathan.

--
"The computer can't tell you the emotional story. It can give you the exact mathematical design, but what's missing is the eyebrows." - Frank Zappa




Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //