Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Exploiting Solaris Telnetd Vulnerability

Posted by Zonk on from the beware-of-rotten-fruit dept.

MichaelSmith writes "Several news sites are reporting that a worm is starting to exploit the Solaris Telnet 0-day vulnerability. By adding simple text to the Telnet command, the system will skip asking for a username and password. If the systems are installed out of the box, they automatically come Telnet-enabled. 'The SANS Internet Storm Center, which monitors Internet threats, has noticed some increase in activity on the network port used by Solaris' telnet feature, according to an ISC blog posted on Tuesday. "One hopes that there aren't that many publicly reachable Solaris systems running telnet," ISC staffer Joel Esler wrote.'"

6 of 164 comments (clear)

  1. Yep. by AltGrendel · · Score: 4, Insightful
    That's one of the first things any good admin turns off.

    Use SSH.

    ...oh, and don't forget to wear your raincoat.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

    1. Re:Yep. by fm6 · · Score: 4, Insightful

      Yeah, that was my response when I first heard of this bug/exploit. But the real question is, should systems be shiped with telnet enabled? Obviously the answer is "no", but vendors seem to be slow to get this message.

      And note that this worm is enabled by a bug in Solaris's implementation of telnet, not by telnet itself. A similar bug in ssh would have had the same effect.

  2. Oh no by wumpus188 · · Score: 4, Funny

    These 4 users running telnet on solaris are gonna be pissed...

  3. It's been a long day... by Odiumjunkie · · Score: 5, Insightful

    So, just to be clear, this story, posted on March 2nd, is reporting on a worm which has started exploiting a zero day vulnerability that was covered by slashdot on February 12th?

    Isn't twenty days long enough to disable a remotely exploitable and totally unnecessery, unsafe service that no admin in his right mind should have enabled on a box connected to the net anyway?

  4. Should have happened... by alexhs · · Score: 4, Insightful

    What about this argument that OSs other than Microsoft ones don't get malware developped for them because they don't have significant marketshare, again ?

    --
    I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
  5. Telnet for transparency? by Anonymous Coward · · Score: 4, Interesting

    A while ago I found a strange comment here about why telnet was still used, even by security-knowledgeable IT department. The comment was saying this:

    Large financial institutions in Europe use telnet, as use of encryption is restricted on their trusted networks, for reasons of transparency to the stock regulating authorities. (Googling for this phrase should get you the /. comment)

    If this is true (and not the post of a random troll), can anyone shed some light on this? For it seems very strange... There are many other way to provide transparency to the financial authorities without having to compromise your network no!?