
Ssl(-mz)telnet File overwrite vulnerability



Vulnerability

    ssl(-mz)telnet

Affected

    Systems using ssl(-mz)telnet

Description

    Christoph Martin found the following.  There is a security hole in
    versions 0.9.2 and 0.11.1 of SSL(-MZ)telnet.  telnetd has a
    debugging function in it which writes to /tmp/SSL.log.  Some calls
    to this function were not removed in the release version.  If
    someone were to link /tmp/SSL.log to a system file and then telnet
    into the machine, the system file would be corrupted.
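
    The file-overwrite pattern described above, shown next to a hardened form. This is an added example, not code from SSL(-MZ)telnet or from the original advisory; the function names, the scratch directory and the sample strings are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkdtemp */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: fopen() follows a symlink planted at `path`. */
static int log_unsafe(const char *path, const char *msg) {
    FILE *f = fopen(path, "a");
    if (!f) return -1;
    fputs(msg, f);
    return fclose(f);
}

/* Hardened: O_NOFOLLOW rejects a symlink as the final path component;
 * fstat() on the descriptor rejects hard links and files we do not own. */
static int log_safe(const char *path, const char *msg) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
             st.st_nlink == 1 && st.st_uid == geteuid() &&
             write(fd, msg, strlen(msg)) == (ssize_t)strlen(msg);
    close(fd);
    return ok ? 0 : -1;
}

static long file_size(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario in a scratch directory: `target` holds 10 bytes and
 * SSL.log is a symlink to it. Returns 0 if only the unsafe logger wrote through. */
int demo(void) {
    char dir[] = "/tmp/symlog-XXXXXX", target[64], link_path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link_path, sizeof link_path, "%s/SSL.log", dir);
    if (log_unsafe(target, "important\n") || symlink(target, link_path)) return -1;
    int unsafe_rc = log_unsafe(link_path, "debug line\n");
    long grown = file_size(target);              /* 10 + 11 bytes */
    int safe_rc = log_safe(link_path, "debug line\n");
    long kept = file_size(target);               /* still 21 */
    unlink(link_path); unlink(target); rmdir(dir);
    return (unsafe_rc == 0 && grown == 21 && safe_rc == -1 && kept == 21) ? 0 : 1;
}
int main(void) { return demo(); }
```

    O_NOFOLLOW only guards the final path component, so keeping debug logs out of world-writable directories such as /tmp remains the simpler fix.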

Solution

    All users of ssltelnet should update to the newest version, which
    is 0.11.2. It is available from:

        ftp://ftp.uni-mainz.de/pub/internet/security/ssl/SSL-MZapps/SSL-MZtelnet-0.11.2.tar.gz

    or from its mirrors.  A new Debian Linux version was also
    released and will appear soon on:

        ftp://nonus.debian.org/pub/debian-non-US.

