Re: Solaris telnet vulnberability - how many on your network?

To: Gadi Evron <ge@xxxxxxxxxxxx>
Subject: Re: Solaris telnet vulnberability - how many on your network?
From: georg.oppenberg@xxxxxxxxxxx
Date: Tue, 13 Feb 2007 21:19:52 +0100
Cc: Oliver Friedrichs <oliver_friedrichs@xxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: Your message of "Tue, 13 Feb 2007 03:46:24 CST." <Pine.LNX.4.21.0702130340320.11234-100000@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi,

Solaris is now Open Source, so you can see yourself at
http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-in
et/usr.sbin/in.telnetd.c?r2=3629&r1=2923
what the problem and its resolution are.
There are also the blogs by Alan Hargreaves from SUN Australia at 
http://blogs.sun.com/tpenta/entry/the_in_telnetd_vulnerability_exploit
and by Dan McDonald from SUN at 
http://blogs.sun.com/danmcd/entry/how_opensolaris_did_its_job
describing how this vulnerability was first reported, fixed and alerts 
and patches provided.

This is a big mistake but I see no reason to think of backdoors and 
age-old problems on other OSes any longer. On the contrary I can see 
the huge progress SUN has made and is making in regards to security and 
openness.

Cheers 
        Georg Oppenberg

> On Mon, 12 Feb 2007, Oliver Friedrichs wrote:
> > 
> > Am I missing something?  This vulnerability is close to 10 years old.
> > It was in one of the first versions of Solaris after Sun moved off of
> > the SunOS BSD platform and over to SysV.  It has specifically to do with
> > how arguments are processed via getopt() if I recall correctly.
> 
> Hey Oliver! :)
> 
> Well than, I guess it just became new again. And to be honest, I have to
> agree with a previous poster and suspect (only suspect) it could somehow
> be a backdoor rather than a bug.
> 
> The reason why this vulnerability is so critical is the number of networks
> and organizations which rely on Solaris for critical production servers,
> as well as use telnet for internal communication on their LAN (now how
> smart is that? I'd rather use telnet on the Internet than on a local LAN).
> 
> Further, there are quite a few third party appliances (some
> infrastructure back-end) that can not easily be patched running on
> Solaris (forget fuzzing or VA, people never even NMAP appliances they
buy).
> 
> I am unsure of how long we will see this in to-do items of corporate
> security teams around the world, but I am sure Sun's /8 is getting a lot
> of action recently.
> 
> > 
> > Oliver 
> 
>       Gadi.
>

References:
- RE: Solaris telnet vulnberability - how many on your network?
  - From: Gadi Evron

Prev by Date: Re: DotClear Full Path Disclosure Vulnerability
Next by Date: iDefense Security Advisory 02.13.07: Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability
Previous by thread: Reflections on Trusting Trust [was: Re: Solaris telnet ...]
Next by thread: Re: Solaris telnet vulnberability - how many on your network?
Index(es):
- Date
- Thread