[Dshield] Solaris Telnet 0-day (Important!)
kkadow at gmail.com
Mon Feb 12 03:38:49 GMT 2007
On 2/11/07, Johannes B. Ullrich <jullrich at sans.org> wrote:
> If you run Solaris, please check if you got telnet enabled NOW. If you
> can, block port 23 at your perimeter. There is a fairly trivial Solaris
> telnet 0-day.
> telnet -l "-froot" [hostname]
> will give you root on many Solaris systems with default installs
> We are still testing. Please use our contact form at
On systems where the above fails with "Not on system console", don't
assume that the machine is secure, because the following does work,
and is one step from root:
telnet -l "-fbin" [hostname]
Gadi Evron <ge at linuxbox.org> wrote:
>. If Solaris 10 & 11 are truly vulnerable to this bug,
> Sun deserves a *swift* kick to the head.
The above is from my testing with Solaris 10, so get ready to start kicking...
More information about the list