The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible Security hole: telnetd 1.3.x

> When anybody logs in over the network, in.telnetd is started (as root)
> to handle the conneciton that's what you are seeing.
> 
> Just do
>   telnet myhost
> and then at the "login: " prompt, press ^D. I really think that that
> will show an in.telnetd entry jus tlike the one above.

No it won't, it will just show an in.telnetd...
it wont fork uname(or bash, etc), it wont cause an interactive login
(although it does allocate a pty no processes will get run on it until a
login is successful)(er actually failed logins will show login exiting
from the pty)
it wont show a user catting a password file for a sutable target account.
it won't then show the user logging into that account.

And that's all it did...
root    in.telnetd      FFFF    Wed Sep  3 08:09:52 1997
root    login   4C5     Wed Sep  3 08:09:52 1997
(in.telnetd forked, execed login, which then exited due to ^D no uname
nothing else...)



                          Steve Wormley
               Systems Administrator of Mother.COM
   E-Mail: wormley@mother.com		Office:916.757.8070




--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .