Re: Remote root telnet exploit on Solaris 10 and 11

From: Royce Williams <royce@alaska.net>
Date: Mon Feb 12 2007 - 15:36:30 AKST

Tom Simes wrote, on 2/12/2007 1:12 PM:
> On Mon, 12 Feb 2007 12:08:24 -0900
> "Shane Spencer" <shane@bogomip.com> wrote:
>> Check out OpenSolaris, you will probably dig it ans ZFS :) I don't
>> care much for telnet however.
>>
>> On 2/12/07, Damien Hull <dhull@digitaloverload.net> wrote:
>>> I have two questions for you.
>>>
>>> 1. Why would you run Solaris?
>>> 2. Why would you run telnet?
>
> I am not advocating their use. Merely passing along what I consider to
> be some potentially significant news in case admins on this list had
> missed it from the usual sources. By the way, OpenSolaris is
> apperently vulnerable as well:
>
> http://www.lildude.co.uk/2007/02/telnetlogin-vuln-in-solaris-10opensolaris-disable-telnet-now/

Also (since many of us are OS tinkerers), informing the list of an
out-of-the-box remote hole for a common OS might drive home once again
the idea that initial lockdowns should be done off-net. :) Thanks for
the note, Tom.

Now, if someone starts posting Windows vulns here ... that's a
different story. :)

Royce

-- 
Royce D. Williams                                - IP Engineering, ACS
personal: [first]@alaska.net                  - PGP: 3FC087DB/1776A531
work: [first.last]@acsalaska.net         - http://www.tycho.org/royce/
"Don't find fault, find a remedy; anybody can complain."  - Henry Ford
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Feb 12 15:36:45 2007

This archive was generated by hypermail 2.1.8 : Mon Feb 12 2007 - 15:36:45 AKST