| VID |
14001 |
| Severity |
20 |
| Port |
23 |
| Protocol |
TCP |
| Class |
TELNET |
| Detailed Description |
The server's type and version can be detected by connecting to the telnet service. This banner gives potential attackers additional information about the system they are attacking. Version and type strings should be omitted where possible. |
| Recommendation |
For Linux systems:
Reconfigure the 'telnet' line in /etc/inetd.conf with the following steps:
1. Change user to root.
2. Open the /etc/inetd.conf (or equivalent) file in any text editor.
3. Search for the line beginning with "telnet".
4. Add the "-h" string at the end of this line.
   telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd -h
5. Restart the inetd daemon.
   # kill -1 [inetd pid]
For Solaris systems:
The default banner is (more or less) equivalent to "`uname -sr`" and will be used if no banner is set in /etc/default/telnetd. To set the banner, add a line of the form
BANNER="..."
to /etc/default/telnetd. Nonempty banner strings are fed to shells for evaluation. The default banner may be obtained by
BANNER="\\r\\n\\r\\n`uname -s` `uname -r`\\r\\n\\r\\n"
and no banner will be printed if /etc/default/telnetd contains
BANNER=""
For HP-UX systems:
Telnetd has a '-b [bannerfile]' option. If bannerfile is not specified, telnetd does not print a login banner. Reconfigure the 'telnet' line in /etc/inetd.conf with the following steps:
1. Change user to root.
2. Open the /etc/inetd.conf (or equivalent) file in any text editor.
3. Search for the line beginning with "telnet".
4. Add the "-b" string at the end of this line.
   telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b
5. Restart the inetd daemon.
   # kill -1 [inetd pid]
For the others:
Consult the UNIX manual provided by each vendor with the command "man telnetd" or "man in.telnetd". |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
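The settings from the recommendation above can be checked with a short shell audit. This is an added example, not part of the original advisory: it reports whether the telnet entry in an inetd.conf-style file carries the banner-suppressing option ("-h" for Linux, a bare "-b" for HP-UX) and whether a Solaris /etc/default/telnetd sets BANNER="". The function names and sample files are hypothetical, and a "-b" followed by a file name is treated as still printing a banner.

```shell
#!/bin/sh
# Added example; function names and sample files are hypothetical.

# audit_inetd_telnet FILE OS   (OS: linux -> "-h", hpux -> bare "-b")
# Prints: suppressed | banner | disabled (no active telnet line)
audit_inetd_telnet() {
    case "$2" in
        linux) _flag="-h" ;;
        hpux)  _flag="-b" ;;
        *) echo "unknown-os"; return 2 ;;
    esac
    awk -v flag="$_flag" -v os="$2" '
        $1 ~ /^#/ { next }                      # commented-out entries are inactive
        $1 == "telnet" {
            found = 1; ok = 0
            # Fields 1-6: service, socket, proto, wait, user, server path;
            # field 7 is argv[0], so daemon options start at field 8.
            for (i = 8; i <= NF; i++) {
                if ($i != flag) continue
                # HP-UX: "-b bannerfile" still prints that file.
                if (os == "hpux" && i < NF && $(i + 1) !~ /^-/) continue
                ok = 1
            }
            if (!ok) bad = 1
        }
        END {
            if (!found) print "disabled"
            else if (bad) print "banner"
            else print "suppressed"
        }' "$1"
}

# audit_solaris_banner FILE: "suppressed" only when every BANNER= line is BANNER=""
audit_solaris_banner() {
    awk '
        /^BANNER=/ { seen = 1; sub(/[ \t]+$/, ""); if ($0 != "BANNER=\"\"") bad = 1 }
        END { if (seen && !bad) print "suppressed"; else print "banner" }' "$1"
}

# Constructed sample files (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd' \
    'telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd -h' > "$SAMPLE_DIR/linux_ok"
printf '%s\n' 'telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue' > "$SAMPLE_DIR/hpux_file"
printf '%s\n' 'BANNER=""' > "$SAMPLE_DIR/solaris_ok"
audit_inetd_telnet "$SAMPLE_DIR/linux_ok" linux
audit_inetd_telnet "$SAMPLE_DIR/hpux_file" hpux
audit_solaris_banner "$SAMPLE_DIR/solaris_ok"
```

On a real host, point the functions at /etc/inetd.conf or /etc/default/telnetd; a "disabled" result means no active telnet entry was found in the file.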