Slashdot Mirror


Solaris Telnet 0-day vulnerability

philos writes "According to SANS ISC, there's a vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994."

3 of 342 comments

  1. So what? by Keyslapper · Score: 0, Redundant

    Why would anyone keep the telnet port open anyway? SSH is so much more secure (if set up properly) and is just as easy to use. In fact, I find it easier for some tasks.

    Hasn't telnet been the source of many dozens of *nix vulnerabilities in the past? From the synopsis, it sounds like this bug is only there because nobody is working on the telnet codebase anymore - it is likened to the Linux exploit from '94. For my own part, the first thing I do when setting up a *nix system is disable the daemon, and the second is to make sure the firewall blocks the port in all directions.

    This is not to say this shouldn't be reported, but I think it is more an example why telnet can realistically be considered obsolete technology, and should always, ALWAYS be disabled by default. It's not Windows, after all.

  2. Oh my goodness! This is HORRIBLE! AUUUGH!!!!!!!! by Chas · Score: 0, Redundant

    [Austin] Really?

    [Dr. Evil] No. Not really. The use of Telnet has been deprecated for the better part of a decade now. Telnet was never really designed with end-to-end security in mind. It's just an easy way to gain shell access with a token login.

    --
    Chas - The one, the only.
    THANK GOD!!!

  3. Telnet? Useless... by zuhaifi · Score: 0, Redundant

    Due to the holes in telnet, many Web professionals prefer the more secure SSH, which stands for "Secure Shell." Telnet could now be called "Unsecure Shell," where the "shell" refers to shell access. This level of access is similar to reaching the C: command prompt in DOS, where you have access to the full operating system. Hackers want to gain shell access, so they can wreak havoc with your site as well as damage other sites on the server if multiple sites are hosted.