Network Security: Detailed info on Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how ma

from [Thierry Zoller] Network Security

[Permanent Link]

Subject:	Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?
Date:	Mon, 12 Feb 2007 13:52:14 +0100

Dear List,

GE>     telnet -l "-froot" [hostname]
GE> "but this bug isnt -froot, its -fanythingbutroot =P"

Should we really consider this a BUG ? With all due respect, this
reads, smells and probably tastes like a backdoor, and obvious one
granted but still, to my believe this raises the question are there
more of them ? I think the guys behind solairs should investigate and
post the result of their enquiry publicaly (to the vuln. post would be a
good idea) if they still want poeple to trust.


-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Thierry Zoller <= RE: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Michael Wojcik Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Casper . Dik RE: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Gadi Evron Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Joep Vesseur Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Gadi Evron Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability -, Darren Reed

Previous by Date:	Inertia News Remote File İnclude, crazy_king
Next by Date:	XSS in lighttpd, bl4ck
Previous by Thread:	Inertia News Remote File İnclude, crazy_king
Next by Thread:	RE: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, Michael Wojcik
Indexes:	[Date] [Thread] [Top] [All Lists]