(MacOS Also Vulnerable) Re: Telnet Daemons May Give Remote Users Root Level Access Privileges
SecurityTracker Alert ID: 1002107
SecurityTracker URL: http://securitytracker.com/id/1002107
Date: Jul 29 2001
Execution of arbitrary code via network, Root access via network, User access via network
TESO reported that many BSD-derived Telnet daemons (servers) contain a vulnerability that may allow a remote user to obtain root level access on the server.
A user reports that the telnet server on Mac OS X is also vulnerable. For details about the vulnerability, see the Message History.
A remote user can execute arbitrary code on the server with the privileges of the telnet server, which is typically root level privileges.
No solution was available at the time of this entry.
Underlying OS: Apple (Legacy "classic" Mac)
Underlying OS Comments: many Linux and Unix OSs are vulnerable, but not all - see the Alert text for more information
This archive entry is a follow-up to the message listed below.
Source Message Contents
Subject: Mac OS X & Darwin/BSD vulnerable to telnetd overflow
[titanium:~/desktop] chrome% ./SPtelnetAYT localhost
Telnetd AYT overflow scanner, by Security Point(R)
Connected to remote host...
Sending telnet options... stand by...
Telnetd on localhost vulnerable
[titanium:~/desktop] chrome% telnet localhost
Connected to localhost.stupendous.net.
Escape character is '^]'.
Darwin/BSD (titanium) (ttyp5)
Note that by default telnet is disabled in /etc/inetd.conf (as are
most things, except for portmapper/NFS, ugh) so the impact should be
minimal. If you're not using the OpenSSH included with OS X, you're
This was tested successfully on Mac OS X 10.0.4 from both the local
machine, and from a remote Sparc Solaris 2.7 host.
I'd notify Apple, only I have no idea what address to use, and it's
6am and I've not slept yet (catching up to bugtraq from a 2 week
holiday, wow, that Code Red thing was bad, glad I wasn't around when
THAT baby hit, ho ho ho)
"The computer can't tell you the emotional story.
It can give you the exact mathematical design, but
what's missing is the eyebrows." - Frank Zappa
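
The message above notes that telnet is disabled by default in /etc/inetd.conf. The following is an added example, not part of the original message or of any Apple tooling, showing one way to audit an inetd.conf-style file for enabled telnet entries. The function names, the sample entries, and the paths inside the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for enabled telnet services.
# Field layout: service socket-type protocol wait user server-program [args...]

# telnet_entries FILE
# Prints "<line> <service> <protocol> <user> <program>" for every enabled
# entry that is named telnet or that launches telnetd (directly or through a
# wrapper such as tcpd, where telnetd is the first argument).
telnet_entries() {
    awk '
        /^[ \t]*#/ { next }                 # commented out: disabled
        NF < 6     { next }                 # not a complete service entry
        $1 == "telnet" || $6 ~ /^(.*\/)?telnetd$/ || $7 ~ /^(.*\/)?telnetd$/ {
            print NR, $1, $3, $5, $6
        }
    ' "$1"
}

# telnet_enabled FILE: succeeds when at least one such entry is enabled.
telnet_enabled() {
    [ -n "$(telnet_entries "$1")" ]
}

# Constructed sample: the default (disabled) entry, an unrelated service, and
# telnetd enabled under a made-up service name that a name-only grep would miss.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#telnet     stream  tcp  nowait  root  /usr/libexec/tcpd  telnetd
ftp         stream  tcp  nowait  root  /usr/libexec/tcpd  ftpd -l
telnet-alt  stream  tcp  nowait  root  /usr/libexec/tcpd  telnetd
EOF

if telnet_enabled "$sample"; then
    echo "telnet service enabled:"
    telnet_entries "$sample"
else
    echo "no enabled telnet service"
fi
rm -f "$sample"
```

Point the functions at the real /etc/inetd.conf on a host to check it. inetd only rereads the file when signalled, so a clean file does not prove the running daemon has dropped the service.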