Is telnet.exe a possible security risk?

Gatticus

I saw someone make a post that recommended deleting telnet.exe from \windows\system32\ and the dllcache as it is a possible security risk. I can see this being true on XP Pro as it has telnet server but on XP Home it is just a client. Is it still a possible security hole on XP Home?
 
It's not a security risk unless you are running a telnet server or actually using the client. The problem with telnet is that it is not encrypted. So, all commands, usernames, and passwords are sent in clear text. If you are not actually using it, you have little to worry about. If you are using it, consider using IPSec to secure the traffic. You could use SSH instead.
 
Internet Explorer and Firefox also operate in plaintext (SSL/TLS aside), so consider deleting those too.
 
If you don't use it, you can disable the service... no worries.
 
Pull your internet cable - it's a security risk.

Hell just shut off your computer already.
 
LordBritish said:
Pull your internet cable - it's a security risk.

Hell just shut off your computer already.

Someone could turn it on again though. Best be burning the thing. With Fire.

:D

To the OP: I wouldn't delete the executable, it's probably nothing to worry about as long as you're not using it. If you are using it, just get something else and use that instead.
 
Gatticus said:
I saw someone make a post that recommended deleting telnet.exe from \windows\system32\ and the dllcache as it is a possible security risk. I can see this being true on XP Pro as it has telnet server but on XP Home it is just a client. Is it still a possible security hole on XP Home?

Can you provide a link so that we can see the context in which they were calling it a risk?
 
SJConsultant said:
Can you provide a link so that we can see the context in which they were calling it a risk?

What?!?!?!? You want a wild claim AND a link to back it up? Did you forget where you were? Talk about wanting your cake and eating it too! ;)
 
Wow, I've never seen so many dickheads in one place before. :)

http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024159.html
telnet URL type used in exploit

http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx
Microsoft Security Bulletin MS05-033
Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

http://www.nsa.gov/snac/support/sixty_minutes.pdf
Set resource permissions properly. Tighten the permissions on tools that an attacker
might use once he has gained a foothold on the system, e.g., explorer.exe,
regedit.exe, poledit.exe, taskman.exe, at.exe, cacls.exe,
cmd.exe, finger.exe, ftp.exe, nbstat.exe, net.exe, net1.exe,
netsh.exe, rcp.exe, regedt32.exe, regini.exe, regsvr32.exe,
rexec.exe, rsh.exe, runas.exe, runonce.exe, svrmgr.exe,
sysedit.exe, telnet.exe, tftp.exe, tracert.exe, usrmgr.exe,

http://www.aerasec.de/security/systems/winnt.html?lang=en
Remove potential dangerous programs, e.g. rasdial.exe, telnet.exe, ftp.exe
Every service offered might result in security problems. Even if the system is safe today, it might show new detected vulnerabilities. Such a vulnerability might be detected minutes later. So only the really necessary services should be offered and the administrator should follow security related discussions in the Internet.
 
Gatticus said:
Wow, I've never seen so many dickheads in one place before. :)

I would like to think you're not including me in your statement.

Telnet can be a security risk depending on the *context* of which it is being used. Telnet can be used as a client or server. Your original post did not indicate in which context it was being discussed, therefore I asked for a simple link so I could read that "discussion" for myself. Nothing more was meant by my request.

I don't know about most people, but for me, the telnet client can be a very useful troubleshooting tool and thus may be restricted to administrative users, but certainly does not get deleted from a system.
 
No, that comment doesn't apply to you or even everyone in this thread. Those that it does apply to know who they are.

The reason this came up is because someone was talking about how to secure XP without getting any of the service packs and security patches, they said to delete telnet.exe as part of securing your PC. It doesn't apply to me as I do get all the security updates from Microsoft. Sorry, I can't find the thread, I did look for it though. I don't use telnet so was just wondering if there is any harm in deleting it.
 
Well, since that comment applied to me then, I'll give you a constructive answer. Whoever you were listening to at the time, don't ever take computing advice from them again. They don't know the first thing about securing a PC. It's not even logical, much less valid enough to even debate. That person led you astray, so I'd ignore their advice from this point on.
 
Gatticus said:
Thanks for the advice.

Not that you deserve it. Why would you ask advice, then slam it in our faces when we try to help?

If you've already made up your mind to delete telnet.exe, then go for it. No one here is going to care. :mad:
 
Josh_B said:
Not that you deserve it. Why would you ask advice, then slam it in our faces when we try to help?

If you've already made up your mind to delete telnet.exe, then go for it. No one here is going to care. :mad:

Did you even read the thread? He asked a perfectly reasonable question nicely and what did he get? A bunch of snide and insulting remarks.

To the OP, the easiest way to make sure Windows telnet is secure is by disabling it. Type and Run services.msc, then in the list of services look for telnet. Double click, the startup type should be manual (default), if it is enabled, set to disable. In services status, check if Stopped is clickable, if it is click on it to stop Telnet.

While you're in Services manager, you should disable remote registry (which oddly enough is set to auto). I'm running XP Pro so you might not have these entries but it doesn't hurt to check.
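
The check described in the post above, written as a script (an added example, not part of the original post or thread): it reports the startup type and state of the Telnet and Remote Registry services and, only when run with `-Apply`, disables and stops them. The service short names `TlntSvr` and `RemoteRegistry` and the use of PowerShell 3.0 or later are assumptions about the target system.

```powershell
# Added example: audit (and optionally disable) the services named in the post.
# Assumptions: service short names TlntSvr (Telnet server) and RemoteRegistry,
# PowerShell 3.0 or later, and an elevated prompt when -Apply is used.
param(
    [switch]$Apply   # without -Apply the script only reports, it changes nothing
)

$targets = 'TlntSvr', 'RemoteRegistry'

foreach ($name in $targets) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"

    if (-not $svc) {
        # A system that ships only the telnet client has no Telnet service entry.
        Write-Output "$name : not installed, nothing to do"
        continue
    }

    Write-Output "$name : StartMode=$($svc.StartMode) State=$($svc.State)"

    if (-not $Apply) { continue }

    # Disable first so the service cannot be started again, then stop it.
    if ($svc.StartMode -ne 'Disabled') {
        Set-Service -Name $name -StartupType Disabled
    }
    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name $name -Force
    }

    # Re-read the service to confirm the change took effect.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    Write-Output "$name : now StartMode=$($after.StartMode) State=$($after.State)"
}
```

This touches only the services; it does not remove or alter telnet.exe itself.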
 
I'm going to be honest with you guys, I was just being a dickhead.

It was a perfectly valid question.
 
teenk said:
Did you even read the thread? He asked a perfectly reasonable question nicely and what did he get? A bunch of snide and insulting remarks.

To the OP, the easiest way to make sure Windows telnet is secure is by disabling it. Type and Run services.msc, then in the list of services look for telnet. Double click, the startup type should be manual (default), if it is enabled, set to disable. In services status, check if Stopped is clickable, if it is click on it to stop Telnet.

While you're in Services manager, you should disable remote registry (which oddly enough is set to auto). I'm running XP Pro so you might not have these entries but it doesn't hurt to check.

Disabling a service, and deleting a system file are two vastly different topics. My original comments weren't directed specifically at the OP...but a generalization of the kinds of posts we've been getting. Anyone who's been reading on here for even a short amount of time would know what I was talking about. However, it does bring about some thoughts. This is supposed to be (at least at one time) a power / advanced computing forum. Far too often, people create a thread, rather than find a quick answer themselves, or even stop to think if it's logical or not (the topic of the question). I know the common phrase is "Google is your friend" can get old, but the concept is still valid.
 
djnes said:
Disabling a service, and deleting a system file are two vastly different topics. My original comments weren't directed specifically at the OP...but a generalization of the kinds of posts we've been getting. Anyone who's been reading on here for even a short amount of time would know what I was talking about. However, it does bring about some thoughts. This is supposed to be (at least at one time) a power / advanced computing forum. Far too often, people create a thread, rather than find a quick answer themselves, or even stop to think if it's logical or not (the topic of the question). I know the common phrase is "Google is your friend" can get old, but the concept is still valid.

I understand what you're saying. I myself am new to posting but I've been lurking for a long time, I like to read more than post. What I've always noticed though is people tend to be way too fast in using the flame button. It may get tiring getting these threads but there is just no reason for being a jackass (not saying that you are), and posting rude and often useless responses will not stop people from starting new threads that you find stupid. Also a straightforward answer will keep the thread from staying in the first page of the forum.
 
As my second post shows I obviously did google it. Those links show that telnet.exe can be used to compromise a computer so if telnet is not on your PC then it can't. Looks like I'm dealing with a bunch of noobs. Hehe..
 
The Microsoft security bulletin has a patch, which has probably been installed automagically, so you should be fine.

The vulnerability wasn't bad anyway:
"An attacker who successfully exploited this vulnerability could only read the session variables for the affected user. This does not include critical data such as password hashes."
and even there, you would have to log on to the malicious telnet server yourself.

My original response was just me being my usual cheeky self. Your question was legitimate imo.
 
Gatticus said:
As my second post shows I obviously did google it. Those links show that telnet.exe can be used to compromise a computer so if telnet is not on your PC then it can't. Looks like I'm dealing with a bunch of noobs. Hehe..

Noobs? Seems to me you're the one asking questions about telnet security risks......

Speaking of your telnet security risk links:

Gatticus said:

If you had read this "exploit" telnet in itself is not being exploited, but *overwritten* by a malicious program which is then executed via web browser by calling the "telnet.exe" command. Telnet itself is not responsible for the exploit since it could easily be substituted by many other command line programs that can be executed by using IE address bar.

A patched IE fixes this issue since it uses the MHTML exploit to gain privs to overwrite a file.

IE is the problem, not telnet.

Gatticus said:
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx
Microsoft Security Bulletin MS05-033
Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

This mentioned vulnerability does not allow for a system to be compromised. It merely allows for a malicious user to read certain session values. This requires the victim connect to a malicious telnet server in the first place.

Reading these values does not equate to a machine that has been compromised.

SMTP, POP3, FTP, and HTTP are all clear text protocols just like telnet that can reveal information about a computer. Any clear text transmissions could potentially be used to gain information on a machine or system you want to attack.

Are you going to stop web browsing and email simply because people can "read" information about your computer? :p

Gatticus said:

These two links are *GUIDES* to security and in no way show that telnet is/was a direct result in a machine compromise. :rolleyes:

Seriously, you need to put telnet in a context before spouting off about security and posting links about "risks". In some situations telnet is useful or required, in others telnet might be used to gather information. But without a context in which telnet is being used, blanket statements such as "telnet is a security risk, delete it" are not justified.

Security is not a hard and fast set of rules, you must first analyze the environment, systems, OS, usage, business requirements, and *potential* for compromise before blindly following a set of security recommendations.

You had best have a fair bit more knowledge and experience before calling others "noobs". ;)
 
SJConsultant said:
I don't know about most people, but for me, the telnet client can be a very useful troubleshooting tool and thus may be restricted to administrative users, but certainly does not get deleted from a system.

QFT. It's one thing to PING a destination for reachability reasons. It's another thing entirely to actually go up the stack and communicate with a system interactively.


And a word of warning to those that insist on bickering: read the sticky.
 
Gatticus said:
Wow, I've never seen so many dickheads in one place before. :)

Seriously, I don't understand why people make fun of OP's....they asked a question and if you have an intelligent opinion/answer, then by all means post it, if not exit the thread


djnes said:
Talk about endearing yourself to those you came to for help. :rolleyes:


But that I have to agree on :(
 
Gatticus said:
Wow, I've never seen so many dickheads in one place before. :)

http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024159.html
telnet URL type used in exploit

http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx
Microsoft Security Bulletin MS05-033
Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

http://www.nsa.gov/snac/support/sixty_minutes.pdf
Set resource permissions properly. Tighten the permissions on tools that an attacker
might use once he has gained a foothold on the system, e.g., explorer.exe,
regedit.exe, poledit.exe, taskman.exe, at.exe, cacls.exe,
cmd.exe, finger.exe, ftp.exe, nbstat.exe, net.exe, net1.exe,
netsh.exe, rcp.exe, regedt32.exe, regini.exe, regsvr32.exe,
rexec.exe, rsh.exe, runas.exe, runonce.exe, svrmgr.exe,
sysedit.exe, telnet.exe, tftp.exe, tracert.exe, usrmgr.exe,

http://www.aerasec.de/security/systems/winnt.html?lang=en
Remove potential dangerous programs, e.g. rasdial.exe, telnet.exe, ftp.exe
Every service offered might result in security problems. Even if the system is safe today, it might show new detected vulnerabilities. Such a vulnerability might be detected minutes later. So only the really necessary services should be offered and the administrator should follow security related discussions in the Internet.

There is a fundamental flaw in your logic in that with all that you've posted the machine is already compromised, thus any attacker already has a potential high level access to the machine. At this point all he's doing is using what's readily available to him.
 
djnes said:
Talk about endearing yourself to those you came to for help. :rolleyes:

I didn't come for help. I was just interested in others' opinions of what this chap had said.
I don't appreciate being talked down to by some self proclaimed "enthusiasts" so the response is warranted. I never had any intention of deleting telnet.exe from my PC.
 
Gatticus said:
Wow, I've never seen so many dickheads in one place before. :)

I can see where with this comment you MIGHT have been trying to be funny, but missed the mark quite a bit.

Your original question indicated you really had no clue about what it was you were asking, and for those that do know, well, let me put it this way:

If my boss came in and asked me exactly the question you did, that they had read an article about this and what are we doing to protect ourselves, because he went in and checked his %systemroot%\system32 folder and found the file there, AND I knew for a fact he didn't know how telnet worked, my fix would be to change his system's NTFS security so he wouldn't be allowed to view the contents of his %systemroot%. In all likelihood I'd have never run into that problem in the first place because I would have done that long ago.

Point being, the earlier posts were neither rude nor condescending, and you'd understand that if you read these forums regularly (which I assume you do).

Besides the fact that your question revealed that, in fact, you do not understand what exactly is going on with windowsXP and telnet.
 
Gatticus said:
I didn't come for help. I was just interested in others' opinions of what this chap had said.
I don't appreciate being talked down to by some self proclaimed "enthusiasts" so the response is warranted. I never had any intention of deleting telnet.exe from my PC.

But yet you still are missing the point. In order to evaluate a security risk you need to present it with a *CONTEXT*. Without a context there can be no meaningful discussion or intelligent opinions given. Security is not black or white, nor is it a simple yes/no answer.

FYI You still have not provided a link to the conversation you "read" in the first place.
 
Oh well, I have done some more research and have found the Linux people know a lot more about this than you people. Time to move along and go join the Ubuntu forums.
 
Gatticus said:
Oh well, I have done some more research and have found the Linux people know a lot more about this than you people. Time to move along and go join the Ubuntu forums.

Little do you know I'll be waiting for you there!
 
I won't post under the name Gatticus but you'll know it's me from the stupid questions. ;)
 
Gatticus said:
I didn't come for help. I was just interested in others' opinions of what this chap had said.
I don't appreciate being talked down to by some self proclaimed "enthusiasts" so the response is warranted. I never had any intention of deleting telnet.exe from my PC.

You asked if you should delete the file or not, and now you claim you weren't ever going to delete it? Why did you start a thread asking that very question then? On top of that, you wonder why people copped an attitude with you and "talked down to you"? Seriously...this goes beyond computer skills, and right into people skills. You've been backtracking throughout this entire thread, changing your stance several times, and then you have the nerve to put us all down, saying the people in the Ubuntu forums know more than us? Enjoy your time over there, before you get banned for pulling the same thing. Call us when they have the same reputation these boards have. I hope, honestly, for your sake, that you don't ever act this way in dealing with people in the job world. People skills are at a premium these days.
 
I don't need people skills as I am self sufficient. Don't you know a wind up when you see one?
 