Date: Wed, 13 Mar 96 08:42:29 -0800 From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca> To: invalid opcode <coredump@nervosa.com> Cc: Thomas J Balfe <tbalfe@tioga.com>, freebsd-security@freebsd.org Subject: Re: CA-95:14 Message-ID: <199603131642.IAA19150@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Tue, 12 Mar 96 15:37:03 PST." <Pine.BSF.3.91.960312153623.9840C-100000@nervosa.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Tue, 12 Mar 1996, Thomas J Balfe wrote:
>
> > Does 2.1R have the RFC 1408 or RFC 1572 telnetd_environment_vulnerability
> > bug worked out of it, or do I have to apply a patch? Are there any other
> > things that I should apply to 2.1R? Thanks.
> > Thomas J Balfe
>
> As far as I can tell (strings /usr/bin/telnet | grep -i LD), it doesn't
> appear to be present.
Actually, if you strings /usr/libexec/telnetd | grep LD and it doesn't appear to
be present you have the problem. Another test would be to perform the
following:
telnet
telnet> environ define LD_LIBRARY_PATH=/foobar
telnet> environ export LD_LIBRARY_PATH
telnet> open localhost
..... log in .....
$ printenv | grep LD_LIBRARY_PATH or echo $LD_LIBRARY_PATH
If LD_LIBRARY_PATH is /foobar or if you get a loader message indicating it
cannot find /foobar you have the problem.
As far as I could tell in January when I got my 2.1R CDROM, FreeBSD does not
have the problem. 2.0.5R, however, does.
Regards, Phone: (604)389-3827
Cy Schubert OV/VM: BCSC02(CSCHUBER)
Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET
BC Systems Corp. Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199603131642.IAA19150>