
February 11th, 2007

Code posted for Solaris remote root exploit

Posted by Ryan Naraine @ 3:32 pm

Categories: Exploit code, Hackers, Open source, Patch Watch, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: Telnet, Hacker, Sun Solaris, Ryan Naraine

An anonymous hacker has posted instructions for exploiting a remote root vulnerability in the Solaris 10/11 telnet daemon.

The exploit, published at Full Disclosure and Milw0rm, exposes a zero-day hole affecting the free and open-source operating system. There are no patches available.

The SANS ISC (Internet Storm Center) is describing the issue as a “major zero day bug” that should be immediately mitigated by disabling telnet in Solaris 10/11.

SANS ISC handler Donald Smith explains:

The telnet daemon passes switches directly to the login process which looks for a switch that allows root to login to any account without a password. If your telnet daemon is running as root it allows unauthenticated remote logins.
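
The flaw described above is an argument-injection bug: a value supplied by the remote client reaches the login program's command line, where it can be parsed as a switch. As an added example (not code from Solaris or from this article), the C code below shows the kind of check a daemon can apply before handing a user name to login. The name-length limit, the `/bin/login` path, the function names, and the assumption that login honors `--` as an end-of-options marker are all illustrative.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOGIN_NAME 32            /* assumed limit for this example */
#define LOGIN_PATH "/bin/login"      /* assumed path, illustration only */

/* Return 1 only for names that cannot be mistaken for a command-line switch. */
int valid_login_name(const char *name)
{
    size_t i, len = name ? strlen(name) : 0;

    if (len == 0 || len > MAX_LOGIN_NAME)
        return 0;
    /* First byte must be alphanumeric or '_': a leading '-' would parse as a switch. */
    if (!isalnum((unsigned char)name[0]) && name[0] != '_')
        return 0;
    for (i = 1; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Fill argv for the login program; returns 0 on success, -1 if the name is refused. */
int build_login_argv(const char *name, const char *argv[4])
{
    if (!valid_login_name(name))
        return -1;
    argv[0] = LOGIN_PATH;
    argv[1] = "--";      /* end-of-options marker (assumes getopt-style parsing) */
    argv[2] = name;      /* always a positional argument, never a switch */
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, as a remote client might supply them. */
    const char *samples[] = { "alice", "-x", "bob smith", "" };
    const char *argv[4];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %s\n", samples[i],
               build_login_argv(samples[i], argv) == 0 ? "accepted" : "refused");
    return 0;
}
```

The allow-list and the `--` separator are two independent layers: either one alone keeps a client-supplied name from being read as a switch, and using both means a parsing quirk in one does not reopen the hole.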

David Maynor, chief technical officer at Errata Security, warns that the issue is trivial to exploit. “It doesn’t require any skill, any exploit knowledge, and can be scripted for mass attacks.”

“This combined with a reliable local privilege escalation exploit would be devastating. Expect mass scanning and possibly the widespread exploitation of this vulnerability,” Maynor added.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



Talkback

Ignorance is ... well just ignorance
So you assume that because it's on by default out of the box that that is how it's deployed. Don't judge Solaris admins by the standards you have encountered in the Windows world. Fortunately Unix peo...
Posted by: Mad Dan Posted on: 02/13/07
