Slashdot Mirror


Solaris Telnet 0-day vulnerability

philos writes "According to SANS ISC, there's a vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994."

4 of 342 comments (clear)

  1. Re:Why is this a big deal? by imikem · · Score: 5, Funny

    Relevant line from /etc/services:

    telnet 23/tcp imadumbass hackmenow rootrus rotflmao

    --
    Perscriptio in manibus tabellariorum est.
  2. Re:Why is this a big deal? by teslar · · Score: 5, Funny

    I do. And then I sit down naked in the snow and castigate myself with a 9-tail as a punishment for these impure thoughts.

    Having said that, today is a good day to find out if that head of IT you never liked anyway has telnet enabled on one of his Solaris machines :)

  3. Who uses telnet these days? by deevnil · · Score: 3, Funny

    towel.blinkenlights.nl, that's who.

  4. I just got this in my inbox from Microsoft by kentrel · · Score: 2, Funny
    To: You Unix Communists
    From: Steve Ballmer
    Subject: Pwned
    Body:
    Microsoft:1 - Unix: NIL LOLOLOLOLOLOL!!!!!!!111


    :)
    Love Steviepoo