US Government re-issues telnet warning
A warning has been re-issued by the National Infrastructure Protection Centre (NIPC)
about a vulnerability in the telnet daemon program following "numerous reports" of intruders
exploiting the hole. The NIPC, part of the US government, also fears that users may face a
flood of worms that attack the vulnerable program using a buffer overflow technique,
following the recent discovery of a Unix worm, 'x.c'.
The vulnerability was originally detected in July, primarily affecting FreeBSD-derived telnet
daemons, such as those found in Solaris, AIX and some Linux distributions.
A warning has been re-issued by the National Infrastructure Protection
Centre (NIPC) about a vulnerability in the telnet daemon program following
"numerous reports" of intruders exploiting the hole.
The NIPC, part of the US government, also fears that users may face a flood
of worms that attack the vulnerable program using a buffer overflow
technique, following the recent discovery of a Unix worm, 'x.c'.
The vulnerability was originally detected in July, primarily affecting
FreeBSD-derived telnet daemons, such as those found in Solaris, AIX and
some Linux distributions.
Recently the x.c worm, which exploits the hole, was discovered, prompting
the NIPC to step up its efforts to convince users to install the relevant patch.
The authority also warned that "other malicious code variants could take
advantage of the same vulnerability."
"Due to the increase of these reports and with the activity of a new worm
that has targeted this vulnerability, the NIPC urges consumers to contact
their vendors to obtain the appropriate fix," the advisory added.
A list of vulnerable systems, along with links to vendor patches, can be
obtained here.
The original CERT advisory can be found here.
