New Telnet hole affects some Unix-based servers

A security hole discovered in a Unix-based operating system can allow remote hackers to gain complete access to or crash the Web server. It is unclear if all Unix mainstream operating systems are affected.

According to an advisory issued earlier this week by FreeBSD.org, the vulnerability in the Telnetd program was shipped with all versions -- except the forthcoming 4.4 release -- of FreeBSD's open-source operating systems built on code developed by Berkeley Software Design Inc. Telnetd is the server for the telnet remote virtual terminal protocol.

Other Unix operating systems built on code from Berkeley Software Design, such as BSDI and NetBSD, are also affected.

According to FreeBSD, the Telnet daemon is enabled by default on all FreeBSD installations and is being actively exploited "in the wild." Telnet is an Internet protocol that allows users to log on to a computer terminal from a remote location.

The vulnerability was discovered by the security group TESO, according to the CERT Coordination Center at Pittsburgh-based Carnegie Mellon University's Software Engineering Institute. In an advisory on its Web site yesterday, CERT said Cisco Systems Inc.'s Internetworking Operating System doesn't appear to be vulnerable. CERT said it's unclear if Hewlett Packard's operating system is affected. In addition, CERT said Sun Microsystems Inc. is investigating and has confirmed that a hacker "can make the in.telnetd daemon dump core, but Sun has not yet determined if this issue can be exploited on Solaris."

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Linda Rosencrance

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?