BSDi telnetd exploitable...
From: Sean Chittenden (sean-securityfocus-incidents@chittenden.org)Date: 07/27/01
- Previous message: Keith.Morgan: "Sneaky vuln-scanning, vulnerable list generation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Jul 2001 14:34:14 -0700 From: Sean Chittenden <sean-securityfocus-incidents@chittenden.org> To: incidents@securityfocus.com Subject: BSDi telnetd exploitable... Message-ID: <20010727143414.A95023@rand.tgd.net>
Just an FYI, BSDi's telnetd in 4.1 and 4.2 is vulnerable to the
telnetd exploit. I was just brought in to clean up a small cluster of
unfirewalled BSDi systems that fell victem (don't ask me why there
wasn't a firewall: not my boxes). Anyway, since then I've nuked the
boxen and put FreeBSD+ipf on and what's interesting is that my logs show
that the same IP that did the initial breakin is still
scanning/attempting to connect to the port. Looks like a poorly written
script kiddie tool in use. The IP address was obtainable through the
(w|u)tmp files. At anyrate, FYI. -sc
-- Sean Chittenden
- application/pgp-signature attachment: stored
- Previous message: Keith.Morgan: "Sneaky vuln-scanning, vulnerable list generation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
