Results 1 to 3 of 3
  1. #1
    Join Date
    Apr 2001
    Location
    Palm Beach, FL
    Posts
    1,097

    FreeBSD Admins: serious telnetd exploit

    If you are running FreeBSD (any version 3.1+ (including 4.3-STABLE)) and you are running telnetd, you are vulnerable to this attack.

    My suggestion is to patch your telnetd with the link below and turn off telnet access. This is a serious exploit that will both consume large amounts of your bandwidth (due to the nature of the attack) and give the attacker full root access. Any script kiddie can do this -- the exploit is easy to use.

    ftp://ftp.freebsd.org/pub/FreeBSD/CE...ages/SA-01:49/
    Alex Llera
    Professional Server Management
    FreeBSD|Linux|HSphere|Cpanel|Plesk

  2. #2

    Re: FreeBSD Admins: serious telnetd exploit

    Originally posted by allera
    My suggestion is to patch your telnetd with the link below and turn off telnet access.
    Why patch it AND turn it off? I mean, if you turn it off, what is the use of patching? Since you can't use it then...

  3. #3
    Join Date
    Apr 2001
    Location
    Palm Beach, FL
    Posts
    1,097
    Why not be safe about it? Why would you want to leave an unpatched binary on your server? All you are doing is downloading a new telnetd binary and replacing the existing one on your server. I think it's worth 5 minutes of your time to _potentially_ save 5 hours or more of headaches later.
    Alex Llera
    Professional Server Management
    FreeBSD|Linux|HSphere|Cpanel|Plesk

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •