Risks
Vulnerabilities
Browse by
Mac OS X & Darwin/BSD telnetd overflow
30 July 2001
Bookmark and Share
[titanium:~/desktop] chrome% ./SPtelnetAYT localhost
Telnetd AYT overflow scanner, by Security Point(R)
Host: localhost
Connected to remote host...
Sending telnet options... stand by...
Telnetd on localhost vulnerable
[titanium:~/desktop] chrome% telnet localhost
Trying 127.0.0.1...
Connected to localhost.stupendous.net.
Escape character is '^]'.

Darwin/BSD (titanium) (ttyp5)

login: ^]
telnet> close
Connection closed.

Note that by default telnet is disabled in /etc/inetd.conf (as are most things, except for portmapper/NFS, ugh) so the impact should be minimal. If you're not using the OpenSSH included with OS X, you're mad.

This was tested successfully on Mac OS X 10.0.4 from both the local machine, and from a remote Sparc Solaris 2.7 host.

I'd notify Apply, only I have no idea what address to use, and it's 6am and I've not slept yet (catching up to bugtraq from a 2 week holiday, wow, that Code Red thing was bad, glad I wasn't around when THAT baby hit, ho ho ho)

Nathan.

--
"The computer can't tell you the emotional story. It can give you the exact mathematical design, but what's missing is the eyebrows." - Frank Zappa




Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //