Full Disclosure mailing list archives
Re: Solaris telnet vulnberability - how many on your network?
From: "Oliver Friedrichs" <oliver_friedrichs () symantec com>
Date: Mon, 12 Feb 2007 22:10:42 -0800
Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to SysV. It has specifically to do with how arguments are processed via getopt() if I recall correctly. Oliver -----Original Message----- From: Gadi Evron [mailto:ge () linuxbox org] Sent: Sunday, February 11, 2007 10:01 PM To: bugtraq () securityfocus com Cc: full-disclosure () lists grok org uk Subject: Solaris telnet vulnberability - how many on your network? Johannes Ullrich from the SANS ISC sent this to me and then I saw it on the DSHIELD list: ---- If you run Solaris, please check if you got telnet enabled NOW. If you can, block port 23 at your perimeter. There is a fairly trivial Solaris telnet 0-day. telnet -l "-froot" [hostname] will give you root on many Solaris systems with default installs We are still testing. Please use our contact form at https://isc.sans.org/contact.html if you have any details about the use of this exploit. ---- You mean they still use telnet?! Update from HD Moore: "but this bug isnt -froot, its -fanythingbutroot =P" On the exploits@ mailing list and on DSHIELD this vulnerability was verified as real. If Sun doesn't yet block port 23/tcp incoming on their /8, I'd make it a strong suggestion. Anyone else running Solaris? Gadi. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 12)
- Re: Solaris telnet vulnberability - how many on your network? Vincent Archer (Feb 12)
- Re: Solaris telnet vulnberability - how many on your network? Huzeyfe Onal (Feb 12)
- Re: Solaris telnet vulnberability - how many on your network? Graham Reed (Feb 12)
- Re: Solaris telnet vulnerability - how many on your network? Brad_Powell (Feb 12)
- Re: Solaris telnet vulnberability - how many on your network? Oliver Friedrichs (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Michal Zalewski (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many onyour network? Peter Ferrie (Feb 13)
- Re: Solaris telnet vulnberability - how many onyour network? Gadi Evron (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Casper . Dik (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Damien Miller (Feb 15)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 15)
- Re: Solaris telnet vulnberability - how many on your network? Vincent Archer (Feb 12)
- Re: Solaris telnet vulnberability - how many on your network? Oliver Friedrichs (Feb 13)