[Dshield] Solaris Telnet 0-day (Important!)

Brendan Dolan-Gavitt mooyix at gmail.com
Sun Feb 11 22:04:20 GMT 2007


WOW that's a stupid hole :) The same bug was found in rlogin in AIX
sometime around 1994  (see
http://www.cert.org/advisories/CA-1994-09.html for details). If
Solaris 10 & 11 are truly vulnerable to this bug, Sun deserves a
*swift* kick to the head.

-Brendan

On 2/11/07, Johannes B. Ullrich <jullrich at sans.org> wrote:
>
> If you run Solaris, please check if you got telnet enabled NOW. If you
> can, block port 23 at your perimeter. There is a fairly trivial Solaris
> telnet 0-day.
>
> telnet -l "-froot" [hostname]
>
> will give you root on many Solaris systems with default installs
> We are still testing. Please use our contact form at
> https://isc.sans.org/contact.html
> if you have any details about the use of this exploit.
>
>
>
> --
> ---------
> Johannes Ullrich                        http://isc.sans.org
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
>         Register Today! <http://www.sans.org/info/2501>
> (Brochurecode: ISC)
>
> PGP Key: https://secure.dshield.org/PGPKEYS
>
>
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>
>


More information about the list mailing list