From owner-doc-jp@jp.freebsd.org  Sat Aug 25 03:04:31 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id DAA55940;
	Sat, 25 Aug 2001 03:04:31 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from wasley.bl.mmtr.or.jp (wasley.bl.mmtr.or.jp [210.228.160.21])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id DAA55935
	for <doc-jp@jp.freebsd.org>; Sat, 25 Aug 2001 03:04:26 +0900 (JST)
	(envelope-from rushani@bl.mmtr.or.jp)
Received: (qmail 6378 invoked from network); 25 Aug 2001 03:04:23 +0900
Received: from unknown (HELO mx.bl.mmtr.or.jp) (210.165.143.45)
  by mx.bl.mmtr.or.jp with SMTP; 25 Aug 2001 03:04:23 +0900
Date: Sat, 25 Aug 2001 03:08:07 +0900 (JST)
Message-Id: <20010825.030807.41628969.rushani@bl.mmtr.or.jp>
To: doc-jp@jp.freebsd.org
From: Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
In-Reply-To: <20010821.184307.74743884.hrs@eos.ocn.ne.jp>
References: <200108202155.f7KLtvK62776@freefall.freebsd.org>
	<20010821.184307.74743884.hrs@eos.ocn.ne.jp>
X-Mailer: Mew version 2.0 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Organization: Nagaoka National College of Technology
X-URL: http://www.bl.mmtr.or.jp/~rushani/
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: doc-jp 8363
Subject: [doc-jp 8363] Re: ANNOUNCE: FreeBSD Ports Security Advisory
 FreeBSD-SA-01:54.ports-telnetd
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: rushani@bl.mmtr.or.jp

$B$3$s$P$s$o!"ARIJ!w?73c$G$9!#(B

>>> On Tue, 21 Aug 2001 18:43:07 +0900 (JST), Hiroki Sato <hrs@eos.ocn.ne.jp> said:
> 
> $B:4F#!wEl5~M}2JBg3X$G$9!#(B
> 
> 01:54 $B$G$9!#(B
>
[...]
> Due to incorrect bounds checking of data buffered for output to the
> remote client, an attacker can cause the telnetd process to overflow
> the buffer and crash, or execute arbitrary code as the user running
> telnetd, usually root.  A valid user account and password is not
> required to exploit this vulnerability, only the ability to connect to
> a telnetd server.
> 
> $B967b<T$O%j%b!<%H%/%i%$%"%s%H$X$N=PNO%G!<%?MQ%P%C%U%!$KB8:_$9$k(B
> $BIT@5$J6-3&%A%'%C%/$r0-MQ$9$k$3$H$G(B, telnetd $B%W%m%;%9$K(B

$B!V967b<T$O%j%b!<%H%/%i%$%"%s%H$X$N=PNO$N$?$a$K(B ($BLuCm(B: telnetd $B$,(B) $B%P%C%U%!(B
$B$7$?%G!<%?$N6-3&$rIT@5$K%A%'%C%/$r$9$k$3$H$G(B, telnetd $B%W%m%;%9$K!W(B

$B$H$7$?J}$,$o$+$j$,$$$$$G$9!#(B(^^;  $B;d$O!"(B

  _ telnet $BEy$N%/%i%$%"%s%H$X$N1~Ez$NMQ$K(B telnetd $B$K%G!<%?$N%P%C%U%!NN0h$,$"$k(B
  _ $B$=$NCf$K$$$/$D$b%P%C%U%!$,B8:_$7$F$$$k!#(B
  _ $B$=$N%P%C%U%!$4$H$N6-3&$r2x$7$2$K%A%'%C%/$9$k$HG$0U$N%3!<%H$,<B9T$G$-(B
    $B$?$j!"(Btelnetd $B$r$U$CHt$P$9$3$H$,2DG=(B

$B$H$$$&Iw$KM}2r$7$?$s$G$9$,!$$=$l$G$"$C$F$^$9$+(B?

> 2) Impose access restrictions using TCP wrappers (/etc/hosts.allow),
> or a network-level packet filter such as ipfw(8) or ipf(8) on the
> perimeter firewall or the local machine, to limit access to the telnet
> service to trusted machines.
> 
> 2) $B%U%!%$%"%&%)!<%k$"$k$$$O%m!<%+%k%^%7%s>e$G(B TCP wrappers (/etc/hosts.allow)
>    $B$b$7$/$O(B ipfw(8) $B$d(B ipf(8) $B$H$$$C$?%M%C%H%o!<%/%l%Y%k$N%Q%1%C%H%U%#%k%?$r(B
>    $BMQ$$$F%"%/%;%9@)8B$r9T$J$$(B, telnet $B%5!<%S%9$r?.Mj$G$-$k%^%7%s$K(B
>    $B@)8B$7$^$9(B.

$B!V@)8B$7$F6!5k$7$^$9(B.$B!W(B

$B$NJ}$,$h$5$=$&$G$9!#(B

----
Hideyuki KURASHINA		Department of Mechanical Engineering, 
rushani@bl.mmtr.or.jp		Nagaoka National College of Technology
