On Friday 15 March 2002 19.13, Sven Michels wrote:
Anders Johansson wrote:
On Friday 15 March 2002 19.08, Sven Michels wrote:
stop your (hopefully not running, cause its insecure ;) telnetd(aemon).
It's only insecure if it's used on the open net where it can be snooped. There's nothing insecure about the server as such. At least I haven't heard about any exploits against it.
then you've missed something really important.
http://linux.oreillynet.com/pub/a/linux/2001/07/23/insecurities.html
1. article dated 07/23/2001, hopefully there is a fix by now 2. Already at the time of writing, the current linux telnet daemons were unaffected by the bug. 3. Yes, telnet like any server can have buffer overflows or other remotely exploitable bugs, but it's not in any way different in this from other servers. If you have a local net where you have control of root on all systems so you don't have to worry about sniffers, you can run telnetd without any more worry than with your other services. Yes you have to monitor security lists for items such as the above, but it's not an item of special concern. //Anders