Computing Facilities, Carnegie Mellon School of Computer Science, Carnegie Mellon University
 

Telnet disabled because of vulnerability

December 23, 2011

A critical, remotely exploitable security vulnerability was recently discovered in the Telnet daemon. This vulnerability affects the Kerberized Telnet service, which runs by default on Facilitized Red Hat, Fedora, and Solaris hosts, and may affect the Telnet service on some non-Facilitized hosts as well. Telnet is not enabled by default on hosts running the Dragon Ubuntu environment.

Because this is a critical vulnerability, incoming network traffic to the default Telnet port (23) has been filtered at the SCS network border, and the Telnet service is being disabled on all Facilitized Red Hat, Fedora, and Solaris hosts.

If you currently use Telnet to connect to Facilitized hosts, you can use SSH, which provides the same functionality. If you are running a non-Telnet service on port 23 on a host on the SCS network, you should relocate that service to another port.

Additional information about this vulnerability can be found at: http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc