RE: resolved Re: should i publish a list of cracked machines?

From: Kevin Houle [mailto:kjh@cert.org]
Sent: Thursday, August 23, 2001 10:42 AM

> my suspicions and some things to look for:
>
> - boxes were compromised using the buffer overflow in telnetd
> (speculation)

The CERT/CC is aware of some level of automated exploitation of
the recently described telnetd vulnerability. If folks have yet
to patch systems for that particular vulnerability, it would be
a good thing to spend time doing. We've seen it used to deploy
DDoS-capable tools, for example.

More info on the vulnerability at:

VU#745371 - Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options

quick patch for this vulnerability

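#!/bin/sh

# whereis prints every path it knows for the name (binary, man page);
# rm -f deletes them all and ignores anything that does not exist.
rm -f `whereis in.telnetd`
rm -f `whereis in.ftpd`

# Bring up the SSH daemon for remote access.
/etc/rc.d/init.d/ssh-server start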
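
Added example, not part of the original message: a check that lists telnet/ftp entries still enabled in the super-server configuration after the daemons are removed. The function names and the inetd.conf and xinetd.d layouts it parses are assumptions, not something stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Lists telnet/ftp services that are
# still enabled in super-server configuration.
# Assumed formats:
#   inetd.conf: service socket proto wait user server-path [argv...]
#   xinetd.d:   service NAME { ... disable = yes|no ... }
# A leading '#' marks a disabled/commented line in both.

# inetd_enabled FILE -> "service daemon" per active telnet/ftp entry
inetd_enabled() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }
        $1 == "telnet" || $1 == "ftp" {
            # behind tcp_wrappers the real daemon is argv[0] (field 7)
            print $1, (($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6)
        }
    ' "$1"
}

# xinetd_enabled FILE -> service name per telnet/ftp stanza not disabled
xinetd_enabled() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "service" { svc = $2; off = 0; next }
        $1 == "disable" && $3 == "yes" { off = 1 }
        $1 == "}" {
            if ((svc == "telnet" || svc == "ftp") && !off) print svc
            svc = ""
        }
    ' "$1"
}

# With arguments: audit the given inetd.conf and optional xinetd files.
if [ "$#" -gt 0 ]; then
    inetd_enabled "$1"
    shift
    for f in "$@"; do xinetd_enabled "$f"; done
fi
```

Run it as `sh script.sh /etc/inetd.conf /etc/xinetd.d/*`; empty output means no active telnet or ftp entry was found in the files given.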