Solaris telnet vulnberability - how many on your network?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Solaris telnet vulnberability - how many on your network?
From: Gadi Evron <ge@xxxxxxxxxxxx>
Date: Mon, 12 Feb 2007 00:00:30 -0600 (CST)
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Johannes Ullrich from the SANS ISC sent this to me and then I saw it on
the DSHIELD list:

----
    If you run Solaris, please check if you got telnet enabled NOW. If you
    can, block port 23 at your perimeter. There is a fairly trivial
    Solaris telnet 0-day.

    telnet -l "-froot" [hostname]

    will give you root on many Solaris systems with default installs
    We are still testing. Please use our contact form at
    https://isc.sans.org/contact.html
    if you have any details about the use of this exploit.
----

You mean they still use telnet?!

Update from HD Moore:
"but this bug isnt -froot, its -fanythingbutroot =P"

On the exploits@ mailing list and on DSHIELD this vulnerability was
verified as real.

If Sun doesn't yet block port 23/tcp incoming on their /8, I'd make it a
strong suggestion.

Anyone else running Solaris?

        Gadi.

Follow-Ups:
- Re: Solaris telnet vulnberability - how many on your network?
  - From: Leandro Gelasi
- RE: Solaris telnet vulnberability - how many on your network?
  - From: Oliver Friedrichs
- Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?
  - From: Vincent Archer

Prev by Date: XSS in JBoss Portal
Next by Date: XSS in communityserver !
Previous by thread: XSS in JBoss Portal
Next by thread: Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?
Index(es):
- Date
- Thread