Solaris Telnet 0-day vulnerability
philos writes "According to SANS ISC, there's a vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994."
Relevant line from /etc/services:
telnet 23/tcp imadumbass hackmenow rootrus rotflmao
Perscriptio in manibus tabellariorum est.
I do. And then I sit down naked in the snow and castigate myself with a 9-tail as a punishment for these impure thoughts.
:)
Having said that, today is a good day to find out if that head of IT you never liked anyway has telnet enabled on one of his Solaris machines
towel.blinkenlights.nl, that's who.