A vulnerability in telnetd allows connecting as root without authentication.

A vulnerability has been found in the telnetd server from the GNU InetUtils suite. It allows connecting as any user, including root, without password authentication. No CVE identifier has been assigned yet. The vulnerability has been present since InetUtils version 1.9.3 (2015) and has not yet been fixed in the current version, 2.7.0. A fix is available in the form of patches (1, 2).

The cause of the problem is that, to check the password, the telnetd process calls the "/usr/bin/login" utility and passes it, as an argument, the username specified by the client when connecting to the server. The "login" utility supports the "-f" option, which allows logging in without authentication (the option is intended for cases where the user has already been authenticated). Therefore, by substituting the "-f" option into the username, it is possible to connect without password verification.

With a normal connection, a username such as "-f root" cannot be used, but Telnet has an autologin mode that is enabled by the "-a" option. In this mode the username is not taken from the command line but is passed through the USER environment variable. When the login utility was called, the value of this environment variable was substituted without any additional checks and without escaping special characters. Therefore, to connect as the root user, it is enough to set the USER environment variable to "-f root" and connect to the Telnet server using the "-a" option:

$ USER='-f root' telnet -a server_name

The change that introduced the vulnerability was added to the telnetd code in March 2015 and fixed an issue that prevented the username from being set in autologin mode without Kerberos authentication. As a solution, support was added for passing the username for autologin mode through an environment variable, but validation of the username taken from that environment variable was forgotten.
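
As an added illustration (not the InetUtils patch and not code from the original article), the missing check on the client-supplied name could look like the following in C. The function names, the 32-character limit and the allow-list are assumptions, as is a login implementation that honours the getopt "--" end-of-options marker.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOGIN_NAME 32 /* assumed limit for this example */

/* Hypothetical helper: 1 if `name` may be passed to login as an operand.
 * Rejects a leading '-' (it would be parsed as an option, e.g. "-f root")
 * and any character outside a conservative allow-list. */
int is_safe_login_name(const char *name)
{
    size_t len = name ? strlen(name) : 0;

    if (len == 0 || len > MAX_LOGIN_NAME || name[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Hypothetical helper: fills argv for exec'ing login. The name stays one
 * argv element and follows "--", the getopt end-of-options marker, so it
 * cannot be read as an option. Returns argc, or -1 if the name is rejected. */
int build_login_argv(const char *remote_user, const char *argv[], size_t cap)
{
    if (cap < 4 || !is_safe_login_name(remote_user))
        return -1;
    argv[0] = "login";
    argv[1] = "--";
    argv[2] = remote_user;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    const char *argv[4];
    /* Constructed inputs: an ordinary name and an option-shaped value. */
    printf("alice   -> %d\n", build_login_argv("alice", argv, 4));
    printf("-f root -> %d\n", build_login_argv("-f root", argv, 4));
    return 0;
}
```

Rejecting the value before exec and placing it after "--" are two independent layers: either one alone stops the name from being read as an option.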

Source: opennet.ru
