Telnet Bad Environment
Summary
Suspicious-looking Telnet environment variables have been sent to the server.
Details
Telnet lets the client and server exchange environment variables. An environment variable is a configuration parameter that all programs share. For example, all X Windows programs look for the "DISPLAY" environment variable in order to figure out which X terminal to use.
Multiple vulnerabilities have been discovered whereby the user of the Telnet client can carefully craft special environment variables designed to break into the machine. An example would be the variable "LIBPATH", which tells the system where to find shared libraries. Users that can create files on the system (e.g. using FTP) can upload a shared library to the system, then point the path variables to that shared library. The Telnet server daemon will then attempt to load that shared library.
This is a fairly old problem and most systems have been patched against it. Most instances of this alert are from scanners testing systems to see if they might be vulnerable to this problem.
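As an added illustration of how such a check can work (this is not the product's own signature logic), the Python below parses the client side of a Telnet stream for NEW-ENVIRON subnegotiations as defined in RFC 1572 and reports variables that steer the shared-library search path. The function names, the watch list beyond "LIBPATH", and the sample bytes are assumptions made for the example; the older ENVIRON option is not handled.

```python
import re

IAC, SB, SE, WILL = 255, 250, 240, 251
NEW_ENVIRON = 39                        # option code from RFC 1572
IS, INFO = 0, 2                         # commands that carry client variables
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3
# Assumed watch list: LIBPATH is the page's example; the LD_* names are the
# dynamic-linker equivalents on other Unix systems.
LINKER_VARS = {"LIBPATH", "LD_LIBRARY_PATH", "LD_PRELOAD"}
# One token per match: a complete subnegotiation, an IAC command, or plain data.
TOKEN = re.compile(rb"\xff\xfa((?:[^\xff]|\xff\xff)*)\xff\xf0|\xff.|[^\xff]+", re.S)

def subnegotiations(stream):
    """Yield (option, payload) per IAC SB ... IAC SE, un-doubling IAC IAC."""
    for m in TOKEN.finditer(stream):
        body = (m.group(1) or b"").replace(b"\xff\xff", b"\xff")
        if body:
            yield body[0], body[1:]

def parse_environ(payload):
    """Return [(name, value)] from an IS/INFO payload; ESC quotes one byte."""
    if not payload or payload[0] not in (IS, INFO):
        return []
    pairs, i, cur = [], 1, 0
    while i < len(payload):
        b = payload[i]
        if b in (VAR, USERVAR):
            pairs.append([bytearray(), bytearray()])
            cur = 0
        elif b == VALUE and pairs:
            cur = 1
        elif pairs:
            if b == ESC and i + 1 < len(payload):
                i += 1
            pairs[-1][cur].append(payload[i])
        i += 1
    return [(n.decode("latin-1"), v.decode("latin-1")) for n, v in pairs]

def suspicious_vars(stream):
    """Linker-path variables a client sent in NEW-ENVIRON subnegotiations."""
    return [(n, v) for opt, p in subnegotiations(stream) if opt == NEW_ENVIRON
            for n, v in parse_environ(p) if n in LINKER_VARS]

# Constructed client-to-server bytes: IAC WILL NEW-ENVIRON, then two variables.
SAMPLE = (bytes([IAC, WILL, NEW_ENVIRON, IAC, SB, NEW_ENVIRON, IS, VAR])
          + b"DISPLAY" + bytes([VALUE]) + b"host:0" + bytes([USERVAR])
          + b"LIBPATH" + bytes([VALUE]) + b"/tmp/upload" + bytes([IAC, SE]))
```

On the constructed sample, `suspicious_vars(SAMPLE)` reports the "LIBPATH" entry and ignores "DISPLAY".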
Defense
Make sure the system is up to date with the latest patches.
Version appeared: 2.5