lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <78206369ABE25F4BAFC3FBC8858B09D0023E5B99@SVL1XCHCLUPIN01.enterprise.veritas.com>
Date: Mon, 12 Feb 2007 22:10:42 -0800
From: "Oliver Friedrichs" <oliver_friedrichs@...antec.com>
To: "Gadi Evron" <ge@...uxbox.org>, <bugtraq@...urityfocus.com>
Cc: <full-disclosure@...ts.grok.org.uk>
Subject: RE: Solaris telnet vulnberability - how many on your network?


Am I missing something?  This vulnerability is close to 10 years old.
It was in one of the first versions of Solaris after Sun moved off of
the SunOS BSD platform and over to SysV.  It has specifically to do with
how arguments are processed via getopt() if I recall correctly.

Oliver 

-----Original Message-----
From: Gadi Evron [mailto:ge@...uxbox.org] 
Sent: Sunday, February 11, 2007 10:01 PM
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Solaris telnet vulnberability - how many on your network?

Johannes Ullrich from the SANS ISC sent this to me and then I saw it on
the DSHIELD list:

----
    If you run Solaris, please check if you got telnet enabled NOW. If
you
    can, block port 23 at your perimeter. There is a fairly trivial
    Solaris telnet 0-day.

    telnet -l "-froot" [hostname]

    will give you root on many Solaris systems with default installs
    We are still testing. Please use our contact form at
    https://isc.sans.org/contact.html
    if you have any details about the use of this exploit.
----

You mean they still use telnet?!

Update from HD Moore:
"but this bug isnt -froot, its -fanythingbutroot =P"

On the exploits@ mailing list and on DSHIELD this vulnerability was
verified as real.

If Sun doesn't yet block port 23/tcp incoming on their /8, I'd make it a
strong suggestion.

Anyone else running Solaris?

	Gadi.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ