Scott, On Sat, 17 Feb 2007, Cromar Scott wrote:
I have to wonder if the "old bug" complaints are coming in reference to one of the following: http://www.securityfocus.com/bid/3064/info http://www.securityfocus.com/bid/5531/info I know that my initial reaction was "haven't I seen this before?" but the above two are what I found in my notes when I looked back. (Note that the second of the two is reported to actually reference a problem with login and not in.telnetd.)
The second vulnerability you mention was indeed affecting System V derived login. Furthermore, it was exploitable through a common telnet client (via the TTYPROMPT trick [1], which somehow reminds me of the recent Solaris 10 exploit), locally, or through other attack vectors, such as rlogin [2] and even X.25 pad daemon, without the need to specify TTYPROMPT at all.
[1] http://archive.cert.uni-stuttgart.de/bugtraq/2002/10/msg00020.html [2] http://www.0xdeadbeef.info/exploits/raptor_rlogin.c Cheers, -- Marco Ivaldi Antifork Research, Inc. http://0xdeadbeef.info/ 3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
