Full Disclosure mailing list archives
Re: Solaris telnet vulnberability - how many on your network?
From: Rodrigo Barbosa <rodrigob () darkover org>
Date: Wed, 14 Feb 2007 18:09:09 -0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Feb 12, 2007 at 12:00:30AM -0600, Gadi Evron wrote:
Johannes Ullrich from the SANS ISC sent this to me and then I saw it on the DSHIELD list: ---- If you run Solaris, please check if you got telnet enabled NOW. If you can, block port 23 at your perimeter. There is a fairly trivial Solaris telnet 0-day. telnet -l "-froot" [hostname] will give you root on many Solaris systems with default installs We are still testing. Please use our contact form at https://isc.sans.org/contact.html if you have any details about the use of this exploit. ----
- -l -froot ? Wow. We used to have bad bug on AIX, back in 1995 or so. It was long fixed. If I recall correctly, it was also present on SunOS, or maybe Solaris 1 or 2, but I'm not sure of anything but AIX. []s - -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFF02xlpdyWzQ5b5ckRAvn4AJ4/iugzlRRWBOuX+L28SYcizu/40QCgsxG9 V6Zi1d13THRoJ9Sl4lugfq8= =rB7s -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Solaris telnet vulnberability - how many on your network?, (continued)
- Re: Solaris telnet vulnberability - how many on your network? Casper . Dik (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Gadi Evron (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Casper . Dik (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Ham Beast (Feb 13)
- Re: Solaris telnet vulnberability - how many on your network? Joe Shamblin (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? Casper . Dik (Feb 14)
- Re: Solaris telnet vulnberability - how many onyour network? David Taylor (Feb 14)
- Re: Solaris telnet vulnberability - how many on your network? Darren Reed (Feb 15)
- Re: Solaris telnet vulnberability - how many on your network? Joe Beasley (Feb 16)