Hey, rooms don't heat themselves, Damien.
Adam
> I have two questions for you.
>
> 1. Why would you run Solaris?
> 2. Why would you run telnet?
>
>
>
> Tom Simes wrote:
>> http://isc.sans.org/diary.html?storyid=2220
>>
>> From the article (Published: 2007-02-12):
>> There is a major zero day bug announced in solaris 10 and 11 with the
>> telnet and login combination. It has been verified.
>> ...
>> The issue:
>> The telnet daemon passes switches directly to the login process which
>> looks for a switch that allows root to login to any account without a
>> password. If your telnet daemon is running as root it allows
>> unauthenticated remote logins
>> ...
>> Versions of Solaris 9 and lower do not appear to have this
>> vulnerability.
>> ...
>> The FIX:
>> To disable telnet in solaris 10 or 11 this command should work.
>> svcadm disable telnet
>>
>> Tom
>>
>> ======================================================================
>> "Z-80 system stack overflow. Shut 'er down Scotty, the system's
>> sucking mud" - Error message on TRS 80 Model-16B
>>
>> Tom Simes simestd@netexpress.com
>> ======================================================================
>> ---------
>> To unsubscribe, send email to <aklug-request@aklug.org>
>> with 'unsubscribe' in the message body.
>>
>>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Feb 12 13:13:11 2007
This archive was generated by hypermail 2.1.8 : Mon Feb 12 2007 - 13:13:11 AKST