
Re: [bug-inetutils] telnet security advisory


From: Alfred M. Szmidt
Subject: Re: [bug-inetutils] telnet security advisory
Date: Mon, 03 Oct 2011 17:21:06 -0400

    #  cat evil-file | telnet 127.0.0.1 80
   Trying 127.0.0.1...
   Connected to 127.0.0.1.
   Escape character is '^]'.

   telnet> !id
   uid=0(root) gid=0(root)
   groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),19(log)
   Connection closed by foreign host.

   I think it is very dangerous, despite the fact that few admins use
   telnet for moving files like this; a detailed security advisory is
   attached.

Good analysis, but I agree with Simon.  This isn't a bug, it is no
different than:

  cat evil-file | sh

when running as root.  If you want to be safe, base64 encode your file
first before transfer; or use the -E flag.
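
Added example, not part of the original message or of inetutils: a shell sketch of the base64 precaution mentioned above. It audits a file for the default telnet escape byte (`^]`, 0x1d) and encodes it so that byte cannot reach the client. The function names and sample file are constructed for illustration, and GNU coreutils `base64` is assumed.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, not inetutils code.
# The default telnet escape character ^] is byte 0x1d (octal 035).

# count_telnet_escapes FILE: print how many 0x1d bytes FILE contains.
count_telnet_escapes() {
    # Delete every byte except 0x1d, then count what is left.
    LC_ALL=C tr -cd '\035' < "$1" | wc -c | tr -d ' '
}

# encode_for_telnet FILE: write FILE to stdout as base64.
# The base64 alphabet (A-Z a-z 0-9 + / =) and newlines never include
# 0x1d, so the encoded stream cannot switch telnet into command mode.
encode_for_telnet() {
    base64 < "$1"
}

# Demo on a constructed sample: benign text with one embedded 0x1d byte.
demo() {
    sample=$(mktemp)
    encoded=$(mktemp)
    printf 'report\035line\n' > "$sample"
    echo "escape bytes in raw file:     $(count_telnet_escapes "$sample")"
    encode_for_telnet "$sample" > "$encoded"
    echo "escape bytes in encoded file: $(count_telnet_escapes "$encoded")"
    # The receiving side recovers the original bytes with base64 -d.
    if base64 -d < "$encoded" | cmp -s - "$sample"; then
        echo "round trip: ok"
    fi
    rm -f "$sample" "$encoded"
}

demo
```

The encoded output is what would be piped to telnet in place of the raw file; the `-E` flag mentioned above is the alternative that leaves the data unencoded.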


