Slashdot Mirror

← Back to Stories (view on slashdot.org)

Solaris, AIX Login Hole

Posted by michael on from the still-another-reason-not-to-use-telnet dept.

An anonymous submitter sent in: "A CERT Advisory describes a buffer overflow vulnerability in implementations of login derived from System V, which includes among Solaris 8 and earlier and AIX 4.3/5.1. "An exploit exists and may be circulating." Vendors are testing fixes." There's a Reuters story as well.

3 of 267 comments (clear)

  1. Re:See, Unix has problems too now. by ClosedSource · · Score: 0, Flamebait

    Hackers target MS products for political reasons. They want MS to look bad and Unix to look good.

  2. Sun et al aren't demanding silence, M$ is by FreeUser · · Score: 5, Flamebait

    Sun et al aren't demanding silence from security professionals who discover bugs, security holes, and exploits.

    Microsoft is.

    What is more, Microsoft is trying to bribe security professionals and services into silence, requiring among other things that Microsoft be informed of problems before the securty firm's own paying customers are.

    In short, Sun & Co. have done nothing improper or worthy of customer or professional outrage.

    Microsoft has.

    Biased or not, Slashdot and its readership are more than a little correct in bashing Microsoft's security policies, and in reporting security lapses of other firms as well, even though these other firms have behaved in a much more ethical and open manner.

    Had it been otherwise, you doubtless would have been bashing slashdot and its readership for not reporting the vulnerabilities.

    In short, Mr. Microsoft Flunky, get over yourself. If slashdot's pro-Free Software and pro-GNU/Linux bias upsets you so much, then go hang out in a pro-Microsoft forum where you can suck up as much Redmond marketing drivel as your heart desires, while leaving the rest of us in peace.

    --
    The Future of Human Evolution: Autonomy
  3. Trust nothing by Evil+MarNuke · · Score: 0, Flamebait
    In terms of network design, you should not trust anything. The whole idea of trusting a computer is obsolete. It dates back to a world where everyone knew everyone else.

    Today network are designed and built with idea and mind set that anything on the network could be cracked. Machine you know are cool need to prove who they are. Don't assume anything. By default insecure service should be disabled and never used. The insecure terms should not be used. When the phase `telnet into a box` is heard it should should be corrected with `ssh into a box`. Anyone that still uses r services or telnet for access get what is coming to them.

    Death to port 23!!

    --
    The journey is better then the end.