Date: Sat, 29 Sep 2001 22:21:21 -0600 (MDT) From: FreeBSD <freebsd@XtremeDev.com> To: Jason <jason@jason-n3xt.org> Cc: <questions@freebsd.org> Subject: Re: I was rooted using telnet Message-ID: <20010929221952.L22308-100000@Amber.XtremeDev.com> In-Reply-To: <Pine.BSF.4.21.0109300035320.291-100000@jason-n3xt.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hmm. I don't know of any other remote telnet exploits besides the one named in the advisory. As far as I knew, all telnet exploits were taken care of by 4.4-release. But then, something might have came up in the blackhat ring that hasn't been made public. Could you send the log to the list? Maybe someone who knows pentesting better might know a thing or two. I only pretend to know anything. d:) On Sun, 30 Sep 2001, Jason wrote: > I do recall the security notice. I read it on the website and from the > security list. I was already planning a cvsup at the time and I asked a > couple of BSD gurus I know if that when I update my sources by cvsup, > would that take care of the problem. They told me it would. So a couple > of days after I saw the security advisory I cvsuped from > cvsup2.FreeBSD.org (i usually only use 2 or 3) and thought the problem was > taken care of. I don't recall seeing any other advisories. > > ---- > Jason > jason@jason-n3xt.org > > > On Sat, 29 Sep 2001, FreeBSD wrote: > > > Were you running a ver of FreeBSD prior to July 23, 2001? Versions prior > > to July 23 had a remotely rootable telnetd as per > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.v1.1.asc > > > > On Sat, 29 Sep 2001, Jason wrote: > > > > > Hello: > > > > > > A couple of days ago I was rooted by someone using a telnet exploit. I > > > have been cvsup'ing my sources regularly and was using 4.4-RC at the > > > time. I've since moved to 4.4-STABLE. It looks like they used some kind > > > of script. I still have it if anyone wants it. Since then I have turned > > > off telnet in inetd and blocked the port with a firewall. > > > > > > Anyone have any ideas on how a person could do this? I looks like this > > > script just tries to move a lot of data for a long period of time. > > > > > > --- > > > Jason > > > jason@jason-n3xt.org > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010929221952.L22308-100000>