Date: 25 July 2001
AusCERT Update - Serious Vulnerabilities in telnetd and tcpdump
-----BEGIN PGP SIGNED MESSAGE-----
Dear AusCERT member,
AusCERT is aware of two serious vulnerabilities, one of which we have
received reports of being actively exploited from Australian sites.
Members are advised to remain aware of the potential for these to
adversely affect their sites and are encouraged to make sure that their
systems are protected.
telnetd
-------
A buffer overflow has been detected in versions of telnetd
derived from BSD source code that can allow an attacker to gain
root privileges on the affected machine. An existing account is not
required for this vulnerability to be exploited, only the ability
to connect to the server.
AusCERT has received reports of this vulnerability being exploited,
and has recently redistributed the following security advisories:
FreeBSD-SA-01:49.telnetd - telnetd contains remote buffer overflow
ftp://ftp.auscert.org.au/pub/auscert/ESB/ESB-2001.306
CERT Advisory CA-2001-21 Buffer Overflow in telnetd
ftp://ftp.auscert.org.au/pub/auscert/ESB/ESB-2001.312
Sites that think they may be affected should check for vendor-specific
information within the CERT/CC advisory above or, if it is not
present, contact their vendor directly. If telnet is not required
on the server it should be disabled, although it is important to
ensure that this is the case before doing so. If you believe your
system may be vulnerable, you may wish to block access to the telnet
service from outside of your network. This will not protect you from
an attack from within your network, so it is important to apply any
relevant patches as soon as possible.
AusCERT will be monitoring this issue and will update members in the
event of any developments.
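
One way to check whether telnet is enabled, as an added example that is not part of the AusCERT text: it assumes telnetd is started from an inetd.conf-style file (commonly /etc/inetd.conf), and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for an enabled telnet service.
# inetd.conf fields: service  socket-type  protocol  wait/nowait  user  server  args

# Print each active (uncommented) line whose service field is "telnet",
# prefixed with file name and line number.
active_telnet() {
    awk '!/^[ \t]*#/ && $1 == "telnet" { print FILENAME ":" FNR ": " $0 }' "$1"
}

# Write a copy of the file to stdout with active telnet entries commented out.
# All other lines, including entries that are already commented, pass through.
disable_telnet() {
    awk '!/^[ \t]*#/ && $1 == "telnet" { print "#" $0; next } { print }' "$1"
}

# Constructed sample input (not taken from any real host).
sample_conf() {
cat <<'EOF'
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#telnet stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
EOF
}

# When a path is given on the command line, report its active telnet entries.
# After installing an edited file, inetd must re-read it (SIGHUP) before the
# change takes effect.
[ "$#" -eq 0 ] || active_telnet "$1"
```

Review the output of disable_telnet against the original before replacing the live file, and confirm that nothing still depends on telnet.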
tcpdump
-------
There is a buffer overflow in BSD versions of tcpdump which can allow
an attacker to crash the tcpdump process or execute arbitrary code
as the user running tcpdump, usually root.
AusCERT has redistributed a FreeBSD security advisory on this issue,
which can be found at:
ftp://ftp.auscert.org.au/pub/auscert/ESB/ESB-2001.296
Sites that think they may be vulnerable to this problem should shut
down the tcpdump process and upgrade it to a non-vulnerable version.
Consult your vendor for more information on this process.
AusCERT is not aware of any activity directed towards this
vulnerability at this point in time, but we will be monitoring
this issue and will update members in the event of any
developments.
AusCERT stresses that these vulnerabilities have the potential to
adversely affect member sites, and we encourage system administrators to
be alert to evidence of any activity on their systems that may indicate
the existence of an intruder.
AusCERT is very interested in any reports regarding attempts to exploit
these vulnerabilities. If you have any information, comments or questions
about these vulnerabilities, please contact us.
Please let us know if we can be of further assistance regarding these
issues.
Regards,
The AusCERT Team.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AUSCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
Facsimile: (07) 3365 7031
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
-----END PGP SIGNATURE-----