Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

Casper.Dik@xxxxxxx wrote:
On Tue, 13 Feb 2007 Casper.Dik@xxxxxxx wrote:
On Tue, 13 Feb 2007 Casper.Dik@xxxxxxx wrote:
Am I missing something? This vulnerability is close to 10 years old.
It was in one of the first versions of Solaris after Sun moved off of
the SunOS BSD platform and over to SysV. It has specifically to do w=
ith
how arguments are processed via getopt() if I recall correctly.
You're confused with AIX/Linux

Solaris did not have the -f option in login until much later.
Hi Casper. While we have you here, any idea on when Sun will be patching
this issue?
Now, follow the links from http://sunsolve.sun.com/tpatches

Casper

Many thanks Casper! Can you give some more information on exactly what is
patched. Any Sun released advisory?


The simplest possible fix on such short notice:

http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c?r2=3629&r1=2923

Casper


How about just uncommenting the following from /etc/default/login

# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console

Not a fix to be sure, but at least prevents a remote login.

Joe
--
Joe Shamblin wjs@xxxxxxxxxxx
Senior Systems Administrator Department of Computer Science
(919) 660-6582 Duke University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • Expanded Solaris Security
    ... Sun Expands Availability of Solaris Security ... the root, dividing or limiting root access by user. ... Because Trusted Solaris provides access control at the root, ...
    (Focus-SUN)
  • Re: Solaris telnet vulnberability - how many on your network?
    ... Solaris did not have the -f option in login until much later. ... any idea on when Sun will be patching ... root can only login on that device. ... Not a fix to be sure, but at least prevents a remote login. ...
    (Bugtraq)
  • Re: Making /var its own filesystem (T1000)
    ... of moving a directory from root to its own filesystem? ... I'd recommend reinstalling all new Sun boxes. ... other Solaris box and reinstall the T1000 that way. ...
    (comp.unix.solaris)
  • Remote login
    ... I am using solaris 8, how can stop remote login, for root & some other ... how can set remote login turned off, I don't some user login directly, they ...
    (SunManagers)
  • s and S run levels
    ... Please find the below run level in solaris. ... Solaris 10 recommended patches (Brent) ... prstat 99% more info ... Sun StorEdge DAT 72 Tape Drive ...
    (SunManagers)