Slashdot Mirror


Worm Exploiting Solaris Telnetd Vulnerability

MichaelSmith writes "Several news sites are reporting that a worm is starting to exploit the Solaris Telnet 0-day vulnerability. By adding simple text to the Telnet command, the system will skip asking for a username and password. If the systems are installed out of the box, they automatically come Telnet-enabled. 'The SANS Internet Storm Center, which monitors Internet threats, has noticed some increase in activity on the network port used by Solaris' telnet feature, according to an ISC blog posted on Tuesday. "One hopes that there aren't that many publicly reachable Solaris systems running telnet," ISC staffer Joel Esler wrote.'"

4 of 164 comments

  1. I might have missed something.... by 8127972 · · Score: 3, Informative
    --
    This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
  2. What proverb is that? by SanityInAnarchy · · Score: 2, Informative

    proverbial rocket up the backside.

    I'm pretty sure I never heard my mother say, "Son, if you ever expose a Telnet port to the Internet, I'll fire a rocket up your ass!"

    --
    Don't thank God, thank a doctor!
  3. Re:Free software to the rescue? by ebvwfbw · · Score: 2, Informative
    What about replacing telnetd with openbsd's?

    It won't help because the vulnerability is in login (that telnetd calls) and not with telnetd. Since this is almost a month old and everyone should know by now, here it is -

    telnet -l "-froot" [hostname]

  4. Re:Why use telnet, anyway? by 99BottlesOfBeerInMyF · · Score: 2, Informative

    So besides the old argument of "I have legacy systems / applications which rely on telnet and other outdated modes of communication", why would people use telnet? Laziness? Ignorance? What else am I missing here?

    People who use telnet on a large scale that I know of include:

    • European financial companies who are not allowed to use encryption while trading stock for regulatory reasons (on a private network).
    • South and Central American ISPs who provide shell accounts as part of internet access and who have to support the lowest common denominator.
    • Major network operators in Asia and China who run telnet on their control networks.
    • New hardware appliances that are configured once from telnet or console and for whom SSH provides only added complexity since they would be transferring the keys at the same time as their only connection.

    Telnet is not dead and in some cases is appropriate. Those cases are just fairly limited and are less likely to be a problem than someone who just sticks a box on the net with telnet enabled because they are lazy/ignorant (which also happens).
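
For defenders, an added example (not part of the original thread or of any poster's comment) that flags the login name quoted in comment 3 in captured client-to-server Telnet bytes. It assumes the name given to `telnet -l` travels as the `USER` variable of the RFC 1572 NEW-ENVIRON option (code 39) and does not cover the older ENVIRON option; the function names and the sample bytes are constructed for illustration.

```python
IAC, SB, SE, WILL, DONT, NEW_ENVIRON = 255, 250, 240, 251, 254, 39  # RFC 854, RFC 1572
IS, INFO, VAR, VALUE, ESC, USERVAR = 0, 2, 0, 1, 2, 3               # RFC 1572 codes

def subnegotiations(stream: bytes):
    """Yield (option, payload) for every complete IAC SB ... IAC SE block."""
    i, n = 0, len(stream)
    while i + 2 < n:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] != SB:
            i += 3 if WILL <= stream[i + 1] <= DONT else 2  # skip other commands
        else:
            option, payload, i = stream[i + 2], bytearray(), i + 3
            while i + 1 < n and stream[i:i + 2] != bytes([IAC, SE]):
                i += stream[i] == IAC       # IAC IAC encodes one literal 0xFF
                payload.append(stream[i])
                i += 1
            if i + 1 < n:                   # terminator present, not truncated
                yield option, bytes(payload)
            i += 2

def environ_vars(payload: bytes) -> dict:
    """Decode an IS/INFO payload into {name: value}, honouring ESC."""
    if not payload or payload[0] not in (IS, INFO):
        return {}
    pairs, i = [], 1
    while i < len(payload):
        b = payload[i]
        if b in (VAR, USERVAR):             # start of a new variable name
            pairs.append([bytearray(), bytearray()])
            part = 0
        elif b == VALUE and pairs:          # switch from name to value
            part = 1
        elif pairs:
            if b == ESC and i + 1 < len(payload):
                i += 1                      # next byte is literal data
            pairs[-1][part].append(payload[i])
        i += 1
    return {bytes(k).decode("latin-1"): bytes(v).decode("latin-1") for k, v in pairs}

def flagged_user(stream: bytes):
    """Return the USER value if it begins with '-', otherwise None."""
    for option, payload in subnegotiations(stream):
        user = environ_vars(payload).get("USER", "") if option == NEW_ENVIRON else ""
        if user.startswith("-"):
            return user

def sample_stream(name: bytes) -> bytes:    # constructed client bytes, not a capture
    body = bytes([IS, VAR]) + b"USER" + bytes([VALUE]) + name
    return bytes([IAC, WILL, NEW_ENVIRON, IAC, SB, NEW_ENVIRON]) + body + bytes([IAC, SE])
```

Calling `flagged_user(sample_stream(b"-froot"))` returns the offending name, while an ordinary login name or a truncated subnegotiation returns `None`.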