Patch-ID# 100125-05
Keywords:  telnet, previous sessions output, security
Synopsis: SunOS 4.0.3,4.1,4.1.1:after telnet session aborts, new session gets previous output
Date: 08/July/91
 
SunOS release: 4.0.3, 4.0.3c, 4.1, 4.1.1
 
Unbundled Product: 
 
Unbundled Release:
 
Topic: 
 
BugId's fixed with this patch: 1054669 1050269 1049886 1042370 1033809

Architectures for which this patch is available: all sun3, sun4

Patches which may conflict with this patch: 

Obsoleted by: SYS_V Rel 4

Problem Description: 

1)
       A program was shown to take advantage of telnet in a manner that 
       allowed passwords and login strings to be snooped when a user logged
       in using telnet.

2)     When a user telnets into another host, starts running a command that
       outputs to the terminal in the background, and terminate the telnet
       session.
       Then starts a new telnet session to the same system the new telnet 
       session may get output from the previous session.

INSTALL: 

FOR SunOS 4.1, 4.1.1

  # mv /usr/etc/in.telnetd /usr/etc/in.telnetd.FCS
  # chmod 600 /usr/etc/in.telnetd.FCS (as a precaution, after verifying the new version,
                                       the old version should be removed)
  # cp sun{3,3x,4,4c}/4.1.1/in.telnetd /usr/etc/in.telnetd
  # chmod 711 /usr/etc/in.telnetd
  # chown root /usr/etc/in.telnetd
  # chgrp staff /usr/etc/in.telnetd

 kill any existing in.telnetd that is running. Or run shutdown(8) and
 reboot the system. 

FOR SunOS 4.0.3, 4.0.3c

(NOTE sun4c is the only machine that runs SunOS 4.0.3c, please subsitute 4.0.3c 
 for 4.0.3 in the command line below for that architecture ie 
 cp sun4c/4.0.3c/in.telnetd /usr/etc/in.telnetd ect..)



  # mv /usr/etc/in.telnetd /usr/etc/in.telnetd.FCS
  # mv /usr/etc/in.rlogind /usr/etc/in.rlogind.FCS
  # chmod 600 /usr/etc/in.telnetd.FCS (as a precaution, after verifying the new version, the old version should be removed)
  # chmod 600 /usr/etc/in.rlogind.FCS 
  # cp sun{3,3x,4,4c}/4.0.3/in.telnetd /usr/etc/in.telnetd
  # cp sun{3,3x,4,4c}/4.0.3/in.rlogind /usr/etc/in.rlogind
  # chmod 711 /usr/etc/in.telnetd
  # chmod 711 /usr/etc/in.rlogind
  # chown root /usr/etc/in.telnetd
  # chown root /usr/etc/in.rlogind
  # chgrp staff /usr/etc/in.telnetd
  # chgrp staff /usr/etc/in.rlogindtelnetd