Linked by Thom Holwerda on Mon 12th Feb 2007 18:30 UTC, submitted by stare
Sun Solaris, OpenSolaris
If you've got Solaris with telnet running, you could be in for a big surprise. There is a fairly trivial Solaris telnet 0-day exploit in the wild [.pdf]. "This was posted to Full-Disclosure. Remote root exploit in the Solaris 10/11 telnet daemon. It doesn't require any skill, any exploit knowledge, and can be scripted for mass attacks. Basically if you pass a '-fusername' as an argument to the -l option you get full access to the OS as the user specified. In my example I do it as bin but it worked for regular users, just not for root. This combined with a reliable local privilege escalation exploit would be devastating. Expect mass scanning and possibly the widespread exploitation of this vulnerability."
Thread beginning with comment 211865
Wow, that's a doozy
by BluenoseJake on Mon 12th Feb 2007 19:17 UTC
BluenoseJake Member since:
2005-08-11

Good thing nobody really uses telnet on the intarweb any more

RE: Wow, that's a doozy
by Trollstoi on Mon 12th Feb 2007 19:46 in reply to "Wow, that's a doozy"
Trollstoi Member since:
2005-11-11

WAH?
I use telnet all the time to play MUDs.

Score: 2

RE[2]: Wow, that's a doozy
by BluenoseJake on Tue 13th Feb 2007 03:06 in reply to "RE: Wow, that's a doozy"
BluenoseJake Member since:
2005-08-11

Those MUDs are probably running on mission critical servers too, oh wait, that's right, they're not.

Score: 3

RE: Wow, that's a doozy
by Soulbender on Tue 13th Feb 2007 02:35 in reply to "Wow, that's a doozy"
Soulbender Member since:
2005-08-18

"Good thing nobody really uses telnet on the intarweb any more"

Yeah, except a good chunk of the intarweb infrastructure.
Try getting a refurbished Cisco box that supports ssh or an IOS image that does. Heck, try getting a brand new Cisco box that does, especially if you're outside the U.S.A. In the unlikely event that you do, Cisco still only support ssh v1.
Not to mention the other myriad of equipment old and new.

Score: 2

RE[2]: Wow, that's a doozy
by BluenoseJake on Tue 13th Feb 2007 03:05 in reply to "RE: Wow, that's a doozy"
BluenoseJake Member since:
2005-08-11

Uh, I think we are talking about the telnet server on a general purpose Unix OS made by Sun, not IOS used in a router or switch. Most of the places I have worked, the switches and routers can and are configured not to talk to the outside world on port 23, so I think that could be considered moot.

Score: 3