Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your n

from [Oliver Friedrichs] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?
Date: Mon, 12 Feb 2007 22:10:42 -0800 

Am I missing something?  This vulnerability is close to 10 years old.
It was in one of the first versions of Solaris after Sun moved off of
the SunOS BSD platform and over to SysV.  It has specifically to do with
how arguments are processed via getopt() if I recall correctly.

Oliver 

-----Original Message-----
From: Gadi Evron [mailto:ge@linuxbox.org] 
Sent: Sunday, February 11, 2007 10:01 PM
To: bugtraq@securityfocus.com
Cc: full-disclosure@lists.grok.org.uk
Subject: Solaris telnet vulnberability - how many on your network?

Johannes Ullrich from the SANS ISC sent this to me and then I saw it on
the DSHIELD list:

----
    If you run Solaris, please check if you got telnet enabled NOW. If
you
    can, block port 23 at your perimeter. There is a fairly trivial
    Solaris telnet 0-day.

    telnet -l "-froot" [hostname]

    will give you root on many Solaris systems with default installs
    We are still testing. Please use our contact form at
    https://isc.sans.org/contact.html
    if you have any details about the use of this exploit.
----

You mean they still use telnet?!

Update from HD Moore:
"but this bug isnt -froot, its -fanythingbutroot =P"

On the exploits@ mailing list and on DSHIELD this vulnerability was
verified as real.

If Sun doesn't yet block port 23/tcp incoming on their /8, I'd make it a
strong suggestion.

Anyone else running Solaris?

        Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  XSS in lighttpd, bl4ck
Next by Date:  Re: Web Server Botnets and Server Farms as Attack Platforms, Steven M. Christey
Previous by Thread:  Re: [Full-disclosure] Solaris telnet vulnerability - how many on your network?, Brad_Powell
Next by Thread:  RE: Solaris telnet vulnberability - how many on your network?, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]