Slashdot Mirror

← Back to Stories (view on slashdot.org)

Solaris Telnet 0-day vulnerability

Posted by Hemos on from the frantically-trying-to-fix dept.

philos writes "According to SANS ISC, there's a vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994."

7 of 342 comments (clear)

  1. Why is this a big deal? by nettdata · · Score: 5, Insightful

    Who the hell even THINKS about enabling telnet on any box these days?

    --



    $0.02 (CDN)
    1. Re:Why is this a big deal? by imikem · · Score: 5, Funny

      Relevant line from /etc/services:

      telnet 23/tcp imadumbass hackmenow rootrus rotflmao

      --
      Perscriptio in manibus tabellariorum est.
    2. Re:Why is this a big deal? by teslar · · Score: 5, Funny

      I do. And then I sit down naked in the snow and castigate myself with a 9-tail as a punishment for these impure thoughts.

      Having said that, today is a good day to find out if that head of IT you never liked anyway has telnet enabled on one of his Solaris machines :)

    3. Re:Why is this a big deal? by mi · · Score: 5, Insightful

      If ssh on your cisco boxes is slow, you either have serious network problems [...]

      Most likely, the reverse DNS is misconfigured. This is the number one reason for ssh-login delays. Maybe, the nameservers initially put into the router's configuration are no longer reachable due to subsequent "hardening". Or, maybe, they went away and were replaced long ago — without anybody telling the routers. Nothing else on a router uses DNS usually, so this problem affects only ssh-daemon and gets blamed on it...

      The daemon could, of course, be a little bit smarter and not try to do a reverse DNS, when there are no hostname-based authorization rules in the first place... But that's a minor bug compared to reverse DNS being dysfunctional.

      --
      In Soviet Washington the swamp drains you.
    4. Re:Why is this a big deal? by dknj · · Score: 5, Informative

      except it's not... (at least not as of the 10/06 release)

    5. Re:Why is this a big deal? by 99BottlesOfBeerInMyF · · Score: 5, Informative

      Who the hell even THINKS about enabling telnet on any box these days?

      Sadly, a whole lot of people. I work for a company that makes very expensive and cool specialty servers that perform certain security related functions. As a security company, naturally we take care not to tarnish our reputation by leaving these servers vulnerable themselves. We try to encourage our customers to be moderately responsible as well, as any box can be made insecure. I know of at least on tier-1 ISP that has one of our boxes sitting publicly accessible with telnet enabled and no IP access restrictions.

      As for who uses telnet in general, most ISPs in Asia seem to use telnet to configure their systems via their control networks. Large financial institutions in Europe use telnet, as use of encryption is restricted on their trusted networks, for reasons of transparency to the stock regulating authorities. ISPs in South America often use telnet and provide shell accounts to customers. I'm sure there are more groups that use it for one reason or another.

  2. Re:Here come the fanboys by SatanicPuppy · · Score: 5, Informative

    Sure, but that's not what's being discussed. There is a world of difference between using telnet to fake some other non-encrypted protocol, and leaving the telnet service enabled on your machine.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.