|
Written by Editor
|
|
Monday, 12 February 2007 09:48 |
|
It seems there is a small problem with Telnet running on Solaris that is reported by the ISC Team at Sans.
Basically if you run Solaris and have the Telnet service enabled, check your systems now for signs of compromise. At the same time ensure that if Telnet is required make sure it is filtered from external access and if it is not required turn it off NOW.
Why? Well the 0-Day that has been discovered is extremely trivial to exploit, in so much as this is the full command line required to exploit:
telnet -l "-froot" [hostname]
It should give you root on any default or near default install of Solaris that has the Telnet service running. It seems that the exploit will not work for root access if root logins are limited to the console however, but just change the '-froot' to '-f<anyusername>' and you’ll gain access as that user e.g. '-fbin' will get you in as the bin user.
The guys at ISC at Sans have asked for anyone that has information of active exploitation of this vulnerability to contact them, their contact details can be found here. |
