Patch-ID# 100125-05
Keywords:  telnet, previous sessions output, security
Synopsis: SunOS 4.0.3,4.1,4.1.1:after telnet session aborts, new session gets previous output
Date: 08/July/91
 
SunOS release: 4.0.3, 4.0.3c, 4.1, 4.1.1
 
Unbundled Product: 
 
Unbundled Release:
 
Topic: 
 
BugId's fixed with this patch: 1054669 1050269 1049886 1042370 1033809

Architectures for which this patch is available: all sun3, sun4

Patches which may conflict with this patch: 

Obsoleted by: 4.1.2

Problem Description: 

1)
       A program was shown to take advantage of telnet in a manner that 
       allowed passwords and login strings to be snooped when a user logged
       in using telnet.

2)     When a user telnets into another host, starts running a command that
       outputs to the terminal in the background, and terminate the telnet
       session.
       Then starts a new telnet session to the same system the new telnet 
       session may get output from the previous session.

INSTALL: 

Install all patches as root.

FOR SunOS 4.1, 4.1.1

mv /usr/etc/in.telnetd /usr/etc/in.telnetd.FCS
chmod 600 /usr/etc/in.telnetd.FCS
cp `arch -k`/4.1.1/in.telnetd /usr/etc/in.telnetd
chmod 711 /usr/etc/in.telnetd
chown root /usr/etc/in.telnetd
chgrp staff /usr/etc/in.telnetd

 kill any existing in.telnetd that is running. Or run shutdown(8) and
 reboot the system. 

FOR SunOS 4.0.3, 4.0.3c

mv /usr/etc/in.telnetd /usr/etc/in.telnetd.FCS
mv /usr/etc/in.rlogind /usr/etc/in.rlogind.FCS
chmod 600 /usr/etc/in.telnetd.FCS
chmod 600 /usr/etc/in.rlogind.FCS 
cp `arch -k`/4.0.3/in.telnetd /usr/etc/in.telnetd
cp `arch -k`/4.0.3/in.rlogind /usr/etc/in.rlogind
chmod 711 /usr/etc/in.telnetd
chmod 711 /usr/etc/in.rlogind
chown root /usr/etc/in.telnetd
chown root /usr/etc/in.rlogind
chgrp staff /usr/etc/in.telnetd
chgrp staff /usr/etc/in.rlogind

