 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Organization: The World Public Access UNIX, Brookline, MA Xref: world comp.os.linux.announce:4726 Path: world!news.kei.com!newsfeed.internetmci.com!in1.uu.net!news.tele.fi!news.funet.fi!news.helsinki.fi!usenet From: lorrie at mellers1.psych.berkeley.edu (Lorrie Wood) Newsgroups: comp.os.linux.announce Subject: SECURITY: ATTENTION SLACKWARE USERS! Followup-To: comp.os.linux.networking Date: Sat, 04 Nov 95 13:49:15 GMT Organization: Dispossessed DuneMUSH Admins Lines: 48 Approved: linux-announce at news.ornl.gov (Lars Wirzenius) Message-ID: <cola-liw-815492955-22919-1 at oravannahka.helsinki.fi> NNTP-Posting-Host: kruuna.helsinki.fi Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- As many of you know by reading comp.security.announce, CERT has issued a warning of possible security issues relating to inbound telnets and shared libraries. This advisory says that all major Linux dists are vulnerable, except Slackware, which is listed as 'possibly vulnerable.' I have spoken with the author of the in.telnetd used with Slackware, and he has told me that, YES, the Slackware-provided in.telnetd *IS* vulnerable. I urge you, therefore, if you run Slackware with any TCP/IP connectivity whatsoever, to download and install the fixed in.telnetd. The author made made one available, andit lives at: ftp.cymru.net:/pub/linux/security/in.telnetd.gz In Slackware 3.0, this should live in /usr/sbin/in.telnetd. I don't know anything about any other distributions, or older versions of Slackware. The author has given me permission to blather on the newsgroups about the fix (probably to save him e-mail from concerned Linux users like myself), so consider yourselves blathered at. The CERT advisory itself is available at: ftp://ftp.cert.org in directory: /pub/cert_advisories/CA-95:14.Telnetd_Environment_Vulnerability (sorry to split the URL up, but it was too long to fit on an 80- char line). - -- Lorrie -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMJttmIQRll5MupLRAQGOUQQAiI/lsRIxWxR7z/Q6ToXlhWhny8CbyZbd 30uAZZ/uUkgjTW9t5+qMvGFJ9NTWfJ938xjg6aeZfxCMLCwcyHaJgVy5COJISeIH nuZMciLuKoI7zZje/e7F3Ci2w6DRpN1qaHXUFjytYxF7yj8Kqa/uU8c/+JnZ3fxX ihoKuiQNq8s= =zvKw -----END PGP SIGNATURE----- -- This article has been digitally signed by the moderator, using PGP. Finger wirzeniu at kruuna.helsinki.fi for PGP key needed for validating signature. Send submissions for comp.os.linux.announce to: linux-announce at news.ornl.gov PLEASE remember a short description of the software and the LOCATION. -- ********************************************************************** Guy Bzibziak * "Walk! Not bloody likely. I am going in a taxi." Boston, MA USA * - Pygmalion, by G. B. Shaw ---------------------------------------------------------------------- Internet: guybz at world.std.com Compuserve: 71561,1703 Voice# (Days Only): 617-536-5200 FAX# (Days Only): 617-536-0394 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
