Date: Fri, 21 Aug 1998 14:52:56 +0200
From: Christoph Martin <martin@UNI-MAINZ.DE>
To: BUGTRAQ@netspace.org
Subject: ssl(-mz)telnet with /tmp raise
-----BEGIN PGP SIGNED MESSAGE-----
There is a security hole in the versions 0.9.2 and 0.11.1 of
SSL(-MZ)telnet.
All users of ssltelnet should update to the newest version, which is
0.11.2. It is availlable from
ftp://ftp.uni-mainz.de/pub/internet/security/ssl/SSL-MZapps/SSL-MZtelnet-0.11.2.tar.gt
or from it's mirrors.
A new Debian Linux version was also released and will appear soon on
ftp://nonus.debian.org/pub/debian-non-US.
Description of the problem:
telnetd has a debugging function in it which writes to
/tmp/SSL.log. Some calls to this function where not removed in the
release version. If someone would link /tmp/SSL.log to a system file
and then telnet into the machine the system file would be corrupted.
Christoph Martin
- --
Christoph Martin, Uni-Mainz, Germany
Internet-Mail: Christoph.Martin@Uni-Mainz.DE
- --------------export-a-crypto-system-sig -RSA-3-lines-PERL------------------
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: type 'finger -l martin@mail.uni-mainz.de' to get PGP public key
iQEVAwUBNd1tsG4/9k35XC9tAQEq7QgA0JFvms8pI3Ryf9kX55Xaw2OsV4Jz1R/F
NCCj/Oxu0U1RLtW+xKGfjZqM2ggEBe/NRwNkytqlzX9ZTTCavx5UeAfxT0pb9LBi
5uuHe9/khCac9c9HLh6BObCylTWvmdc8rS/8VMP46Sr9yM0SB8i74iOWKkqJJFdL
znyes+d53fb9yGv7Yf10PjUywXAaNfyxIjDNMvvfCncVvZJJ3Y+Z3DMBkAX4eWGq
lne8EPoiV31EBAaODvRxlN6W2SLqg5h3wZNEgXeinRDdYOdXtFR56SA+3mbc8Qi9
XsAT36QdjOXdCyUAfDLywYlbeyuwFoVA9jz5WILt910z4HsaJ3mJBg==
=+QH3
-----END PGP SIGNATURE-----
