telnetopen

Vulnerability Description

Brief description: There is an unpassworded login (usually telnet) that prompts for a host name or address and provides a telnet window to that host.

Full description: The telnet daemon provides a virtual terminal interface to a remote host. If there is a generic account that gives access to the telnet server, then an attacker can hop from the existing system to any other system to obscure the trail.

Components: telnetd

Systems: any system running a telnet daemon

Effect(s) of exploiting: Anyone who can connect to the system can telnet anywhere

Detecting the hole:

    1. If you have login access to the system: check the /etc/passwd file for a user telnet, or for any user whose login shell is a program that calls telnet.
    2. If you do not have login access to the system, connect to it as the user telnet. If you get a prompt asking for a host name, the system is vulnerable.
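
Step 1 as a script, added here as an example and not part of the original entry: it flags any account named telnet and any account whose login shell is telnet itself or a '#!' script that invokes it. The sample passwd lines, the hop wrapper path and the function names are constructed for illustration; on systems with shadow passwords an "x" in the password field means /etc/shadow has to be checked as well.

```python
import os
import re
import tempfile
# "telnet" as a command word ("exec /usr/bin/telnet"), not "telnetd".
TELNET_WORD = re.compile(rb"(?m)(?:^|[\s/;&|])telnet(?:$|[\s;&|])")
# Constructed sample in passwd(5) format; accounts and paths are hypothetical.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
telnet::500:500:open telnet:/tmp:/usr/local/bin/hop
guest:x:501:501:guest:/home/guest:/usr/bin/telnet
"""

def shell_calls_telnet(shell, root="/"):
    """True if the shell is telnet itself or a '#!' script that invokes it."""
    if os.path.basename(shell) == "telnet":
        return True
    try:
        with open(os.path.join(root, shell.lstrip("/")), "rb") as fh:
            head = fh.read(65536)
    except OSError:
        return False  # missing or unreadable shell: nothing to inspect
    return head.startswith(b"#!") and bool(TELNET_WORD.search(head))

def audit_passwd(passwd_text, root="/"):
    """Return [(user, [reasons])] for accounts matching detection step 1."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or line.startswith("#"):
            continue
        user, pw, shell = fields[0], fields[1], fields[6]
        checks = [(user == "telnet", "account named telnet"),
                  (shell_calls_telnet(shell, root), "login shell calls telnet")]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            empty = ["empty password field"] if pw == "" else []
            findings.append((user, reasons + empty))
    return findings

def demo():
    """Audit SAMPLE_PASSWD against a throwaway root holding a wrapper script."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/local/bin"))
        with open(os.path.join(root, "usr/local/bin/hop"), "w") as fh:
            fh.write('#!/bin/sh\nread host\nexec /usr/bin/telnet "$host"\n')
        return audit_passwd(SAMPLE_PASSWD, root)

if __name__ == "__main__":
    print(demo())
```

Compiled wrapper programs are not inspected by this script; a login shell it cannot read as a script still needs manual review.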

Fixing the hole:

    1. You need login access to the system.
    2. Delete the user corresponding to the telnet user.

Other information:

Keywords

telnet authentication forward

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

Exploit Information

Attack: Try it.

Related Information

Advisories:

Related Vulnerabilities:

Reportage

Reporting: ()

Other information:

Revision Number 1

  1. Matt Bishop (6/21/2000):
    Initial entry