Re: Remote root telnet exploit on Solaris 10 and 11

From: Damien Hull <dhull@digitaloverload.net>
Date: Mon Feb 12 2007 - 11:40:22 AKST

I have two questions for you.

   1. Why would you run Solaris?
   2. Why would you run telnet?

Tom Simes wrote:
> http://isc.sans.org/diary.html?storyid=2220
>
> From the article (Published: 2007-02-12):
> There is a major zero day bug announced in Solaris 10 and 11 with the
> telnet and login combination. It has been verified.
> ...
> The issue:
> The telnet daemon passes switches directly to the login process which
> looks for a switch that allows root to login to any account without a
> password. If your telnet daemon is running as root it allows
> unauthenticated remote logins.
> ...
> Versions of Solaris 9 and lower do not appear to have this
> vulnerability.
> ...
> The FIX:
> To disable telnet in Solaris 10 or 11, this command should work.
> svcadm disable telnet
>
> Tom
>
> ======================================================================
> "Z-80 system stack overflow. Shut 'er down Scotty, the system's
> sucking mud" - Error message on TRS 80 Model-16B
>
> Tom Simes simestd@netexpress.com
> ======================================================================
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>

Received on Mon Feb 12 11:40:37 2007

This archive was generated by hypermail 2.1.8 : Mon Feb 12 2007 - 11:40:37 AKST