TUCoPS :: Macintosh :: 9115.txt

Mac/PC NCSA Telnet Vulnerability

DDN Security Bulletin 9115       DCA DDN Defense Communications System
11 Sept 91              Published by: DDN Security Coordination Center
                                     (SCC@NIC.DDN.MIL)  (800) 235-3155

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN  SECURITY BULLETIN  is distributed  by the  DDN SCC  (Security
Coordination Center) under  DCA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  []
using login="anonymous" and password="guest".  The bulletin pathname is
SCC:DDN-SECURITY-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-9001).

                   Mac/PC NCSA Telnet Vulnerability

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
!                                                                       !
!     The following important  advisory was  issued by the Computer     !
!     Emergency Response Team (CERT)  and is being relayed unedited     !
!     via the Defense Communications Agency's Security Coordination     !
!     Center  distribution  system  as a  means  of  providing  DDN     !
!     subscribers with useful security information.                     !
!                                                                       !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

CA-91:15                        CERT Advisory
                               September 10, 1991
			Mac/PC NCSA Telnet Vulnerability


The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability in the default
configurations of National Center for Supercomputing Applications
(NCSA) Telnet for both the Macintosh and the PC.  The vulnerability
also affects the version of NCSA Telnet with IBM 3270 terminal
emulation distributed by Clarkson University.  Two workarounds are
available that correct this problem.

NCSA has committed to changing the default configurations in future
releases.  Maintenance updates for both the Macintosh and the PC are
planned to be released in about 2 months.

NCSA provides two e-mail addresses for Telnet questions, comments,
and bug reports:

     PC Telnet		pctelnet@ncsa.uiuc.edu
     Mac Telnet		mactelnet@ncsa.uiuc.edu


I.   Description

     The default configuration of NCSA Telnet for both the Macintosh
     and the PC has a serious vulnerability in its implementation of
     an ftp server.

     The default configuration file enables ftp via the "ftp=yes"
     line.  However, sites should be aware that ftp is also enabled
     in the absence of any ftp statement in the configuration file.

II.  Impact

     Any Internet user can connect via ftp to a PC or Macintosh
     running the default configuration of NCSA Telnet and gain
     unauthorized read and write access to any of its files, including
     system files.

III. Solution
     Either disable ftp server functionality or provide password
     protection as described below.

     To disable the ftp server, add an "ftp=no" line in the
     configuration file.

     If the ftp server option is enabled (via either an "ftp=yes" line 
     in the configuration file or the absence of an ftp statement in the 
     configuration file), then the Telpass program (included with both 
     Mac and PC versions) can be used to provide password protection.  
     Telpass is used to enter usernames and encrypted passwords into a 
     password file.  The configuration file specifies the name and 
     location of the password file in the "passfile=" statement.  The 
     usage of Telpass is documented in Chapter 5 of version 2.4 of the 
     Macintosh version documentation and Chapter 7 of version 2.3 of the 
     PC version.  Note that the documentation (as well as the package 
     itself) is available by anonymous ftp from ftp.ncsa.uiuc.edu 

     The instructions for enabling password protection differ between
     the Macintosh and PC versions, but in both cases they involve
     enabling the "passfile" option in the configuration file, and
     creating usernames and encrypted passwords with the Telpass

     CERT/CC strongly urges all sites running NCSA Telnet to implement
     one of these two workarounds.

The CERT/CC would like to thank NCSA and Clarkson University for their

If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline:
           CERT/CC personnel answer 7:30a.m.-6:00p.m. EDT,
           on call for emergencies during other hours.

Past advisories and other computer security related information are available
for anonymous ftp from the cert.sei.cmu.edu ( system.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH