deftel

Vulnerability Description

Brief description: the telnet(8) service is running

Full description: The telnet daemon authenticates by using cleartext login names and passwords. Because these passwords are reusable, running the service leaves the system open to attack whenever a password is sniffed or otherwise obtained.

Components: telnetd

Systems: any system running a telnet daemon

Effect(s) of exploiting: Anyone who knows a user's password, or can get it, can connect.

Detecting the hole:

    1. If you have login access to the system, check the /etc/inetd.conf file for the telnetd entry.
    2. If you do not have login access to the system, probe on TCP port 23. This is the port telnetd normally listens on.

Fixing the hole:

    1. You need login access to the system.
    2. Edit the /etc/inetd.conf file and locate the line for the telnetd service.
    3. Comment it out.
    4. Send a HUP (1) signal to the inetd(8) daemon to force it to reread the configuration file.
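
The local check and the fix above, as an added example that is not part of the original entry. It assumes the classic inetd.conf layout in which the first field of an active line is the service name; the function names, sample file contents and daemon paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for an enabled telnet
# service and produce a copy with that entry commented out.
# Assumption: the first whitespace-separated field is the service name.

# Print every active line whose service name is "telnet".
# Commented lines have a first field of "#" or "#telnet", so they never match.
active_telnet_entries() {
    awk '$1 == "telnet"' "$1"
}

# Write the file to stdout with active telnet entries commented out.
# All other lines, including existing comments, pass through unchanged.
disable_telnet() {
    awk '$1 == "telnet" { print "#" $0; next } { print }' "$1"
}

# Constructed sample configuration (daemon paths are illustrative only).
make_sample() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
EOF
}

# Usage: sh audit.sh /etc/inetd.conf
# Reports enabled telnet entries and writes a fixed copy beside the original
# for review; it does not modify the live file or signal inetd.
if [ "$#" -gt 0 ]; then
    conf=$1
    if [ -n "$(active_telnet_entries "$conf")" ]; then
        echo "telnet is ENABLED in $conf:"
        active_telnet_entries "$conf"
        disable_telnet "$conf" > "$conf.notelnet"
        echo "Proposed replacement written to $conf.notelnet"
        echo "After installing it, send HUP to inetd so it rereads the file."
    else
        echo "No active telnet entry in $conf"
    fi
fi
```
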

Other information:

Keywords

rexec authentication server

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

CVE Number: CAN-1999-0619 -- The telnet service is running.

Exploit Information

Attack: Guess a password and try it. If it fails, try another.

Related Information

Advisories: The ISS X-Force security advisory "Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations" gives an example of a problem with telnet.

Related Vulnerabilities: none yet

Reportage

Reporting: ()

Other information:

Revision Number 1

  1. Matt Bishop (6/21/2000):
    Initial entry