Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Solaris telnet vulnberability - how many on your network?

from [Darren Reed] Network Security [Permanent Link]
Subject: Re: Solaris telnet vulnberability - how many on your network?
Date: Sat, 17 Feb 2007 09:57:45 +1100 (Australia/ACT) 
In some mail from greimer@fccc.edu, sie said:


1) This seems like a case of "old code" somehow creeping back in to the 
current versions, and that's a phenomenon I've seen happen at a couple of 
different places that I've worked at over the years. It's kind of a 
special case of version control gone bad, and I'm interested in how that 
can happen and how to watch out for it.

1a) People have said that this bug was in old versions of SunOS/Solaris 
(and AIX I think) but nobody ever nailed down exactly when this was fixed, 
versionwise. In fact, did anybody reproduce this in anything other than 
Solaris 10? It'd be nice to know the last old version that has the bug, & 
the 1st that doesn't.


Solaris's /bin/login has never supported the "-f" command line option
until Solaris 10 (RTFM) so this exploit was just plain not possible.

The other avenue for passing command line args to telnet is through
the TERM telnet option, but Solaris stopped passing that through on
the command line a long time ago (maybe 2.3 or earlier?)


2) Does this have anything to do with the OpenSolaris effort?


No.


Like are people pulling in code from other sources?


More people should go back and read Casper's email where he explained
that it came about with a Kerberos project.

Darren
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Firefox: about:blank is phisher's best friend, Michal Zalewski
Next by Date:  Re: Re: Re: Solaris telnet vulnberability - how many on your network?, Gadi Evron
Previous by Thread:  Re: Solaris telnet vulnberability - how many on your network?, greimer
Next by Thread:  Re: Solaris telnet vulnberability - how many on your network?, Nate Eldredge
Indexes:  [Date] [Thread] [Top] [All Lists]