Patch-ID# 100125-02
Keywords:  telent, previous sessions output, security
Synopsis: SunOS 4.1, 4.1.1 :after telnet session aborts, new session gets pervious output
Date: 21/Mar/91
 
SunOS release: 4.1, 4.1.1
 
Unbundled Product: 
 
Unbundled Release:
 
Topic: 
 
BugId's fixed with this patch: 1054669 1050269 1049886 1042370 1040722 1033809


Architectures for which this patch is available: all sun3, sun4

Patches which may conflict with this patch: 

Obsoleted by: SYS_V Rel 4

Problem Description: 

1)
       A program was shown to take advantage of telnet in a manner that 
       allowed passwords and login strings to be snooped when a user logged
       in using telnet.

2)     When a user telnets into another host starts running a command that
       outputs to the terminal in background terminate the telnet session.
       start a new telnet session to the same system the new telnet session
       will get output from the previous session.

INSTALL: 

  # mv /usr/etc/in.telnetd /usr/etc/in.telnetd.FCS
  # chmod 600 /usr/etc/in.telnetd.FCS (as a precaution, after verifying the new version,
                                       the old version should be removed)
  # cp sun{3,3x,4,4c}/in.telnetd /usr/etc/in.telnetd
  # chmod 755 /usr/etc/in.telnetd
  # chown root /usr/etc/in.telnetd
  # chgrp staff /usr/etc/in.telnetd

 kill any existing in.telnetd that is running.