lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 12 Feb 2007 13:28:59 -0800
From: Brad_Powell@...t.com
To: bugtraq@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk
Subject: Re: Solaris telnet vulnerability - how many on
 your network?

Vincent Archer <varcher@...yall.com> wrote on 02/12/2007 04:51:07 AM:

I don't speak for Sun, but here are some hints that might help.
> 
> OS packaging person here (the guy who defines the exact stripped version
> we install on customer appliance) did test with root, and it worked. I
> suspect it is dependent on whether root is enabled as allowed as a 
remote
> login or not (a setting I dimly remember being available on solaris 10
> years ago, I think).

For root login; there is a setting in /etc/default/login. If CONSOLE is 
set, then root can only login
on that device i.e. "CONSOLE=/dev/ttya" means "root" can only login on 
ttya device. Any other user via
telnet/ssh/whatever has to login as themselves and "su" to root.

This doesn't prevent telnet -l "-fbin", or -flp; for those accounts best 
bet is to change /etc/passwd for the shell of system-account users to 
/sbin/noshell or /bin/false (noshell just logs the entry and exists)

Of course disabling in.telnetd in /etc/inetd.conf (and doing a pkill -HUP 
inetd) if possible is a safe bet,
but some sites are forced to use telnetd.



Brad Powell
Sr. Security Manager
Information Security and Risk Management.
Global Information Services.
Applied Materials Inc.
Office 408- 563-1350

The content of this message is Applied Materials Confidential.  If you are 
not the intended recipient and have received this message in error, any 
use or distribution is prohibited. Please notify me immediately by reply 
e-mail and delete this message from your computer system. Thank you.
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ