lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.21.0702131108180.29328-100000@linuxbox.org>
Date: Tue, 13 Feb 2007 11:08:39 -0600 (CST)
From: Gadi Evron <ge@...uxbox.org>
To: Oliver Friedrichs <oliver_friedrichs@...antec.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Solaris telnet vulnberability - how many on
	your network?

On Tue, 13 Feb 2007, Oliver Friedrichs wrote:
> 
> Gadi,
> 
> It looks like I was confused, this actually affected AIX and Linux in
> 1994:
> 
> http://www.securityfocus.com/bid/458/info
> http://www.cert.org/advisories/CA-1994-09.html

Same same but with rlogin, as someone mentioned on DSHIELD.

	Gadi.

> 
> Oliver
> 
> -----Original Message-----
> From: Gadi Evron [mailto:ge@...uxbox.org] 
> Sent: Tuesday, February 13, 2007 1:46 AM
> To: Oliver Friedrichs
> Cc: bugtraq@...urityfocus.com; full-disclosure@...ts.grok.org.uk
> Subject: RE: Solaris telnet vulnberability - how many on your network?
> 
> On Mon, 12 Feb 2007, Oliver Friedrichs wrote:
> > 
> > Am I missing something?  This vulnerability is close to 10 years old.
> > It was in one of the first versions of Solaris after Sun moved off of 
> > the SunOS BSD platform and over to SysV.  It has specifically to do 
> > with how arguments are processed via getopt() if I recall correctly.
> 
> Hey Oliver! :)
> 
> Well than, I guess it just became new again. And to be honest, I have to
> agree with a previous poster and suspect (only suspect) it could somehow
> be a backdoor rather than a bug.
> 
> The reason why this vulnerability is so critical is the number of
> networks and organizations which rely on Solaris for critical production
> servers, as well as use telnet for internal communication on their LAN
> (now how smart is that? I'd rather use telnet on the Internet than on a
> local LAN).
> 
> Further, there are quite a few third party appliances (some
> infrastructure back-end) that can not easily be patched running on
> Solaris (forget fuzzing or VA, people never even NMAP appliances they
> buy).
> 
> I am unsure of how long we will see this in to-do items of corporate
> security teams around the world, but I am sure Sun's /8 is getting a lot
> of action recently.
> 
> > 
> > Oliver
> 
> 	Gadi.
> 
> > 
> > -----Original Message-----
> > From: Gadi Evron [mailto:ge@...uxbox.org]
> > Sent: Sunday, February 11, 2007 10:01 PM
> > To: bugtraq@...urityfocus.com
> > Cc: full-disclosure@...ts.grok.org.uk
> > Subject: Solaris telnet vulnberability - how many on your network?
> > 
> > Johannes Ullrich from the SANS ISC sent this to me and then I saw it 
> > on the DSHIELD list:
> > 
> > ----
> >     If you run Solaris, please check if you got telnet enabled NOW. If
> 
> > you
> >     can, block port 23 at your perimeter. There is a fairly trivial
> >     Solaris telnet 0-day.
> > 
> >     telnet -l "-froot" [hostname]
> > 
> >     will give you root on many Solaris systems with default installs
> >     We are still testing. Please use our contact form at
> >     https://isc.sans.org/contact.html
> >     if you have any details about the use of this exploit.
> > ----
> > 
> > You mean they still use telnet?!
> > 
> > Update from HD Moore:
> > "but this bug isnt -froot, its -fanythingbutroot =P"
> > 
> > On the exploits@ mailing list and on DSHIELD this vulnerability was 
> > verified as real.
> > 
> > If Sun doesn't yet block port 23/tcp incoming on their /8, I'd make it
> 
> > a strong suggestion.
> > 
> > Anyone else running Solaris?
> > 
> > 	Gadi.
> > 
> > 
> 
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ