In article <2rdghl$i8l@apollo.west.oic.com>,
Matthew Dillon <dillon@apollo.west.oic.com> wrote:
> The problem appears to be with telnetd not checking the validity of the
> user name that is passed to it via the 'l' option:
>
> -l -fuser
> ^
> telnetd just passes "-fuser" to /bin/login as the user name without
> checking to see if it is a valid user name.
>
> The fix is easy, just fix the telnetd sources to check all arguments
> passed to it for validity. The -l option appears to be the only one
> with a hole.
>
> So.... whoever controls the telnetd source, please fix this!
>
The problems affect rshd, rlogind, and telnetd. Fixes have been
provided by Fred van Kempen and are available on sunsite.unc.edu
in /pub/Linux/Incoming/net-security-fix.tar.
Everyone who has a Linux box on the net should install these
fixes immediately!
cheers,
jem.
-- jem@sunsite.unc.edu\/SunSITE admin