Hi,
Solaris is now Open Source, so you can see yourself at
http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-in
et/usr.sbin/in.telnetd.c?r2=3629&r1=2923
what the problem and its resolution are.
There are also the blogs by Alan Hargreaves from SUN Australia at
http://blogs.sun.com/tpenta/entry/the_in_telnetd_vulnerability_exploit
and by Dan McDonald from SUN at
http://blogs.sun.com/danmcd/entry/how_opensolaris_did_its_job
describing how this vulnerability was first reported, fixed and alerts
and patches provided.
This is a big mistake but I see no reason to think of backdoors and
age-old problems on other OSes any longer. On the contrary I can see
the huge progress SUN has made and is making in regards to security and
openness.
Cheers
Georg Oppenberg
On Mon, 12 Feb 2007, Oliver Friedrichs wrote:
Am I missing something? This vulnerability is close to 10 years old.
It was in one of the first versions of Solaris after Sun moved off of
the SunOS BSD platform and over to SysV. It has specifically to do with
how arguments are processed via getopt() if I recall correctly.
Hey Oliver! :)
Well than, I guess it just became new again. And to be honest, I have to
agree with a previous poster and suspect (only suspect) it could somehow
be a backdoor rather than a bug.
The reason why this vulnerability is so critical is the number of networks
and organizations which rely on Solaris for critical production servers,
as well as use telnet for internal communication on their LAN (now how
smart is that? I'd rather use telnet on the Internet than on a local LAN).
Further, there are quite a few third party appliances (some
infrastructure back-end) that can not easily be patched running on
Solaris (forget fuzzing or VA, people never even NMAP appliances they
buy).
I am unsure of how long we will see this in to-do items of corporate
security teams around the world, but I am sure Sun's /8 is getting a lot
of action recently.
Oliver
Gadi.
