Re: in.telnetd vulnerability??

From: Derrick Scholl (Derrick.Scholl@eng.sun.com)
Date: 08/03/01


Message-Id: <200108031510.f73FAvb878228@jurassic.eng.sun.com>
Date: Fri, 3 Aug 2001 08:10:58 -0700 (PDT)
From: Derrick Scholl <Derrick.Scholl@eng.sun.com>
Subject: Re: in.telnetd vulnerability??
To: focus-sun@securityfocus.com, stlburks@indiana.edu


> I find nothing in SunSolve about the recent BSD based telnetd vulnerabilities.
> Is it Sun position that this is not a problem for Solaris telnet?
>
> Steph
>

Hi Steph,

There is a bug in Solaris' telnet that allows you to crash the
local session, but that's the extent of what we've found so far.

We're fixing that and continuing to investigate whether or not
an exploit is possible, but we haven't been able to find one and
nothing has been reported to us.

Derrick
Sun Security Coordinator