The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible Security hole: telnetd 1.3.x

To: wormley@mother.com (Steve Wormley)
Subject: Re: Possible Security hole: telnetd 1.3.x
From: joost@rulcmc.leidenuniv.nl (joost witteveen)
Date: Wed, 3 Sep 1997 13:41:27 +0200 (CEST)
Cc: tobias@et-inf.fho-emden.de, security@debian.org
Delivered-to: security@debian.org
In-reply-to: <Pine.LNX.3.94.970902162954.22339B-100000@step.mother.com> from Steve Wormley at "Sep 2, 97 04:43:34 pm"
Resent-cc: recipient list not shown: ;
Resent-date: 3 Sep 1997 11:41:50 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"YT0Ru.A.CUF.9zUD0"@debian>
Resent-sender: debian-private-request@lists.debian.org

> > Why do you think that somebody got in without a password? The lines
> > above only show that the last command that was executed was in.telnetd
> > (remember that the lastlog info is in reverse order). The lines above
> > look normal to me.
> > 
> Here's a more sane version(with a  little self hacked accounting reader)
> (and other logs thrown in... note there were no last entries for this
> login, but were entries before and after)
> 
> FFFF and 4CC are device ID's FFFF is obviously no controling TTY...
> 4CC is one of the pty's
> 
> Sep  2 00:56:09 demon in.telnetd[21161]: connect from the.ravennet.net
> root    in.telnetd      FFFF    Tue Sep  2 00:56:09 1997
> root    uname   4CC     Tue Sep  2 00:56:24 1997

> (Now, I cant even login as root from telnet...)
Nobody can, and nobody did. 

When anybody logs in over the network, in.telnetd is started (as root)
to handle the conneciton that's what you are seeing.

Just do
  telnet myhost
and then at the "login: " prompt, press ^D. I really think that that
will show an in.telnetd entry jus tlike the one above.


-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Follow-Ups:
- Re: Possible Security hole: telnetd 1.3.x
  - From: Steve Wormley <wormley@mother.com>
- Re: Possible Security hole: telnetd 1.3.x
  - From: Steve Wormley <wormley@mother.com>

References:
- Re: Possible Security hole: telnetd 1.3.x
  - From: Steve Wormley <wormley@mother.com>

Prev by Date: Re: Possible Security hole: telnetd 1.3.x
Next by Date: INFO#97.27047 Re: Denial-of-service attack against INETD. Redhat 4.X and others...
Previous by thread: Re: Possible Security hole: telnetd 1.3.x
Next by thread: Re: Possible Security hole: telnetd 1.3.x
Index(es):
- Date
- Thread