Solaris Telnet 0-day vulnerability
philos writes "According to SANS ISC, there's a vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994."
Well, according to TFA, nobody should.
Maybe I'm just confused, but doesn't '0-day' mean the exploit was found the day the code in question was released?
I generally don't follow Solaris, and 11 might have just come out, but I seriously doubt 10 and 11 both came out at the same time.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
Let me take a crack at this:
1) Fermi National Accelerator Laboratory.
That'll account for a couple thousand computers. It's left as an exercise for the reader to find other sites.
Are they just crazy? I know that almost every single box at FNAL has the telnet daemon running, and is behind no firewall. Why aren't they hacked-to-death? Kerberos.
FNAL has a policy that every service beyond central IT's web pages is protected by Kerberos. The Kerberos-enabled version of telnet is as secure as one can get; I've been told by their sysadmins that it is more secure than SSH because it is simpler and the network and authz/authn stacks are separated. So, historically, Kerberos-enabled telnet has had fewer bugs than SSH.
Just because YOU don't run telnet (or don't know how to run it securely) doesn't mean that there aren't thousands of boxes out there that are secured by it.
If there are actually any Sun boxes at FNAL (they were one of the original big adopters of Linux), you can bet they'll probably be turned off today...
That's nice and all, but I believe the GP was referring to systems w/ embedded processors, where that's not an option, and I also think he was whining about the initial key generation (that first-time-you-set-it-up process), which can take a bit of time on embedded processors. As an example, the Pix 515 has a lowly Pentium 166 at its core; the heavy math of calculating big primes can take a while. Then again, there's still some equipment out there that doesn't support SSH, only telnet.
None of which applies to TFA, which deals with using Telnet to access SUN servers/workstations. I agree there's no reason that should be left on, and it mystifies me that it continues to be the default for the big commercial Unixes (both AIX and Solaris seem to want to use it by default; you have to enable SSH and turn off Telnet intentionally).
You are in a maze of twisted little posts, all alike.
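As an added example (not from the story or any of the posters), here is a small audit script for the "turn off Telnet, keep SSH" step the comment above describes, written for the Solaris SMF service manager. It parses a `svcs -a` listing to decide whether the telnet and ssh service instances are online, and on a real Solaris host prints the `svcadm` command an administrator would run. The sample listing is constructed; the FMRIs `svc:/network/telnet:default` and `svc:/network/ssh:default` are assumed to match the host's SMF names.

```shell
#!/bin/sh
# Constructed sample of 'svcs -a' output (assumption: STATE / STIME / FMRI columns).
SAMPLE_SVCS='STATE          STIME    FMRI
online         Feb_10   svc:/network/telnet:default
online         Feb_10   svc:/network/ssh:default
disabled       Feb_10   svc:/network/rlogin:default'

# service_online LISTING FMRI -> exit 0 if FMRI is listed as online.
service_online() {
    printf '%s\n' "$1" | awk -v fmri="$2" \
        '$1 == "online" && $3 == fmri { found = 1 } END { exit !found }'
}

# telnet_online LISTING -> 0 when the telnet SMF instance is online.
telnet_online() {
    service_online "$1" "svc:/network/telnet:default"
}

# ssh_online LISTING -> 0 when the ssh SMF instance is online.
ssh_online() {
    service_online "$1" "svc:/network/ssh:default"
}

# audit_listing LISTING -> prints a verdict; returns 1 if telnet is still exposed.
audit_listing() {
    rc=0
    if telnet_online "$1"; then
        echo "telnet: ONLINE  -> svcadm disable svc:/network/telnet:default"
        rc=1
    else
        echo "telnet: not online"
    fi
    if ssh_online "$1"; then
        echo "ssh:    online"
    else
        echo "ssh:    NOT online -> svcadm enable svc:/network/ssh:default"
    fi
    return $rc
}

# Live check only where svcs exists (i.e. on a Solaris host); otherwise use the sample.
if command -v svcs >/dev/null 2>&1; then
    audit_listing "$(svcs -a)"
else
    audit_listing "$SAMPLE_SVCS"
fi
```

The script only reports; running the printed `svcadm disable` line is left to the administrator so the audit can be run from a monitoring account without privilege.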