Solaris Telnet 0-day vulnerability

philos writes "According to SANS ISC, there's a vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994."

Here come the fanboys

Cue the "It's still more secure than Windows!" comments.

Ha!

See? Your "Linux" thing has more vulnerabilites than Vista! Ha! Yes! I win!

-Bill Gates

Re:Why is this a big deal?

[imikem]

Relevant line from /etc/services:

telnet 23/tcp imadumbass hackmenow rootrus rotflmao

Re:Why is this a big deal?

[teslar]

I do. And then I sit down naked in the snow and castigate myself with a 9-tail as a punishment for these impure thoughts.

Having said that, today is a good day to find out if that head of IT you never liked anyway has telnet enabled on one of his Solaris machines :)

Who uses telnet these days?

[deevnil]

towel.blinkenlights.nl, that's who.

Re:Telnet? Useless...

...

That was the worst comment I've ever read. If someone wants to know about telnet, they can look it up on wikipedia. It even includes a section on security of telnet.

I just got this in my inbox from Microsoft

[kentrel]

To: You Unix Communists
From: Steve Ballmer
Subject: Pwned
Body:
Microsoft:1 - Unix: NIL LOLOLOLOLOLOL!!!!!!!111

:)
Love Steviepoo

Re:Why is this a big deal?

What's wrong with telnet? I use it to manage my anonymous FTP servers...