[Prev][Next][Index]

[comp.os.linux.announce] SECURITY: ATTENTION SLACKWARE USERS!



------- Start of forwarded message -------
Newsgroups: comp.os.linux.announce
Subject: SECURITY: ATTENTION SLACKWARE USERS!
From: lorrie@mellers1.psych.berkeley.edu (Lorrie Wood)
Date: Sat, 04 Nov 95 13:49:15 GMT
Followup-To: comp.os.linux.networking
Organization: Dispossessed DuneMUSH Admins
NNTP-Posting-Host: kruuna.helsinki.fi
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

-----BEGIN PGP SIGNED MESSAGE-----

	As many of you know by reading comp.security.announce, CERT has
issued a warning of possible security issues relating to inbound telnets
and shared libraries. This advisory says that all major Linux dists are
vulnerable, except Slackware, which is listed as 'possibly vulnerable.'
	I have spoken with the author of the in.telnetd used with 
Slackware, and he has told me that, YES, the Slackware-provided 
in.telnetd *IS* vulnerable. 
	I urge you, therefore, if you run Slackware with any TCP/IP
connectivity whatsoever, to download and install the fixed in.telnetd.
The author made made one available, andit lives at:

ftp.cymru.net:/pub/linux/security/in.telnetd.gz

	In Slackware 3.0, this should live in /usr/sbin/in.telnetd. 
	I don't know anything about any other distributions, or older
versions of Slackware. The author has given me permission to blather
on the newsgroups about the fix (probably to save him e-mail from 
concerned Linux users like myself), so consider yourselves blathered at.
	The CERT advisory itself is available at:

ftp://ftp.cert.org

	in directory:
	/pub/cert_advisories/CA-95:14.Telnetd_Environment_Vulnerability

	(sorry to split the URL up, but it was too long to fit on an 80-
char line).

- -- Lorrie


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMJttmIQRll5MupLRAQGOUQQAiI/lsRIxWxR7z/Q6ToXlhWhny8CbyZbd
30uAZZ/uUkgjTW9t5+qMvGFJ9NTWfJ938xjg6aeZfxCMLCwcyHaJgVy5COJISeIH
nuZMciLuKoI7zZje/e7F3Ci2w6DRpN1qaHXUFjytYxF7yj8Kqa/uU8c/+JnZ3fxX
ihoKuiQNq8s=
=zvKw
-----END PGP SIGNATURE-----

-- 
This article has been digitally signed by the moderator, using PGP.
Finger wirzeniu@kruuna.helsinki.fi for PGP key needed for validating signature.
Send submissions for comp.os.linux.announce to: linux-announce@news.ornl.gov
PLEASE remember a short description of the software and the LOCATION.
------- End of forwarded message -------