Bugtraq mailing list archives
Re: Solaris telnet vulnberability - how many on your network?
From: georg.oppenberg () deu mci com
Date: Tue, 13 Feb 2007 21:19:52 +0100
Hi, Solaris is now Open Source, so you can see yourself at http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-in et/usr.sbin/in.telnetd.c?r2=3629&r1=2923 what the problem and its resolution are. There are also the blogs by Alan Hargreaves from SUN Australia at http://blogs.sun.com/tpenta/entry/the_in_telnetd_vulnerability_exploit and by Dan McDonald from SUN at http://blogs.sun.com/danmcd/entry/how_opensolaris_did_its_job describing how this vulnerability was first reported, fixed and alerts and patches provided. This is a big mistake but I see no reason to think of backdoors and age-old problems on other OSes any longer. On the contrary I can see the huge progress SUN has made and is making in regards to security and openness. Cheers Georg Oppenberg
On Mon, 12 Feb 2007, Oliver Friedrichs wrote:Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to SysV. It has specifically to do with how arguments are processed via getopt() if I recall correctly.Hey Oliver! :) Well than, I guess it just became new again. And to be honest, I have to agree with a previous poster and suspect (only suspect) it could somehow be a backdoor rather than a bug. The reason why this vulnerability is so critical is the number of networks and organizations which rely on Solaris for critical production servers, as well as use telnet for internal communication on their LAN (now how smart is that? I'd rather use telnet on the Internet than on a local LAN). Further, there are quite a few third party appliances (some infrastructure back-end) that can not easily be patched running on Solaris (forget fuzzing or VA, people never even NMAP appliances they
buy).
I am unsure of how long we will see this in to-do items of corporate security teams around the world, but I am sure Sun's /8 is getting a lot of action recently.OliverGadi.
Current thread:
- Re: Solaris telnet vulnberability - how many on your network?, (continued)
- Re: Solaris telnet vulnberability - how many on your network? Casper . Dik (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? Damien Miller (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 15)
- Re[2]: Solaris telnet vulnberability - how many on your network? Thierry Zoller (Feb 14)
- RE: Re[2]: Solaris telnet vulnberability - how many on your network? Roger A. Grimes (Feb 14)
- RE: Re[2]: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 15)
- Re: Re[2]: Solaris telnet vulnberability - how many on your network? Darren Reed (Feb 15)
- RE: Re[2]: Solaris telnet vulnberability - how many on your network? Evans, Thomas (Feb 15)
- Reflections on Trusting Trust [was: Re: Solaris telnet ...] Gadi Evron (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? georg . oppenberg (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Casper . Dik (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Casper . Dik (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Joe Shamblin (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? Casper . Dik (Feb 14)
- RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network? David Taylor (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? Darren Reed (Feb 15)