(fwd) SECURITY: ATTENTION SLACKWARE USERS!

Guy W Bzibziak guybz at world.std.com
Mon Nov 6 19:48:09 EST 1995 

Organization: The World Public Access UNIX, Brookline, MA

Xref: world comp.os.linux.announce:4726
Path: world!news.kei.com!newsfeed.internetmci.com!in1.uu.net!news.tele.fi!news.funet.fi!news.helsinki.fi!usenet
From: lorrie at mellers1.psych.berkeley.edu (Lorrie Wood)
Newsgroups: comp.os.linux.announce
Subject: SECURITY: ATTENTION SLACKWARE USERS!
Followup-To: comp.os.linux.networking
Date: Sat, 04 Nov 95 13:49:15 GMT
Organization: Dispossessed DuneMUSH Admins
Lines: 48
Approved: linux-announce at news.ornl.gov (Lars Wirzenius)
Message-ID: <cola-liw-815492955-22919-1 at oravannahka.helsinki.fi>
NNTP-Posting-Host: kruuna.helsinki.fi
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

-----BEGIN PGP SIGNED MESSAGE-----

	As many of you know by reading comp.security.announce, CERT has
issued a warning of possible security issues relating to inbound telnets
and shared libraries. This advisory says that all major Linux dists are
vulnerable, except Slackware, which is listed as 'possibly vulnerable.'
	I have spoken with the author of the in.telnetd used with 
Slackware, and he has told me that, YES, the Slackware-provided 
in.telnetd *IS* vulnerable. 
	I urge you, therefore, if you run Slackware with any TCP/IP
connectivity whatsoever, to download and install the fixed in.telnetd.
The author made made one available, andit lives at:

ftp.cymru.net:/pub/linux/security/in.telnetd.gz

	In Slackware 3.0, this should live in /usr/sbin/in.telnetd. 
	I don't know anything about any other distributions, or older
versions of Slackware. The author has given me permission to blather
on the newsgroups about the fix (probably to save him e-mail from 
concerned Linux users like myself), so consider yourselves blathered at.
	The CERT advisory itself is available at:

ftp://ftp.cert.org

	in directory:
	/pub/cert_advisories/CA-95:14.Telnetd_Environment_Vulnerability

	(sorry to split the URL up, but it was too long to fit on an 80-
char line).

- -- Lorrie


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMJttmIQRll5MupLRAQGOUQQAiI/lsRIxWxR7z/Q6ToXlhWhny8CbyZbd
30uAZZ/uUkgjTW9t5+qMvGFJ9NTWfJ938xjg6aeZfxCMLCwcyHaJgVy5COJISeIH
nuZMciLuKoI7zZje/e7F3Ci2w6DRpN1qaHXUFjytYxF7yj8Kqa/uU8c/+JnZ3fxX
ihoKuiQNq8s=
=zvKw
-----END PGP SIGNATURE-----

-- 
This article has been digitally signed by the moderator, using PGP.
Finger wirzeniu at kruuna.helsinki.fi for PGP key needed for validating signature.
Send submissions for comp.os.linux.announce to: linux-announce at news.ornl.gov
PLEASE remember a short description of the software and the LOCATION.

--
**********************************************************************
Guy Bzibziak	*  "Walk! Not bloody likely. I am going in a taxi."
Boston, MA USA	*  - Pygmalion, by G. B. Shaw
----------------------------------------------------------------------
Internet:   guybz at world.std.com 	Compuserve: 71561,1703
Voice# (Days Only): 617-536-5200 	FAX# (Days Only): 617-536-0394
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

More information about the Discuss mailing list