- Path: sparky!uunet!gatech!bloom-beacon!eru.mt.luth.se!lunic!sunic!nobeltech!ppan
- From: ppan@nobeltech.se (Per Andersson)
- Newsgroups: comp.unix.ultrix
- Subject: Re: lattelnet vs security
- Message-ID: <1992Aug20.112401.21115@nobeltech.se>
- Date: 20 Aug 92 11:24:01 GMT
- References: <JBRYANS.92Aug19104251@wren.csulb.edu>
- Organization: NobelTech AB
- Lines: 22
-
- In article <JBRYANS.92Aug19104251@wren.csulb.edu> jbryans@beach.csulb.edu (Jack Bryans) writes:
- >I've heard that DEC has security patches for lattelnet. Yet, recent postings
- >suggest that, patched or not, lattelnet has gaping, glaring security holes.
- >
- >There wasn't enough information in the postings to differentiate among
- >opinion, experiment, observation, etc. Can anyone provide more info? You
- >can mail to usenet@csulb.edu, or root@csulb.edu, if you prefer.
-
- The main problem I know of, and that has been discussed on Usenet before, is
- that Ultrix 4.x and up has a 'suspend' command. Since lattelnet runs as root,
- and executes ordinary telnet, it's a wide hole.
- Easy fix - get the BSD telnet, take away suspend, and be happy.
- Hard way - get fixes from DEC.
-
- If anybody knows any other bad security leaks I'm very interested.
-
- /Per
- --
- -----------------------------------------------------------------------------
- Per Andersson - ppan@nobeltech.se (perand@stacken.kth.se on free time)
- Managing networks at, but not speaking for Nobeltech AB, Järfälla, Sweden
- -----------------------------------------------------------------------------
-