[geeks] Solaris 10 Remote-Root Exploit
Doug McLaren
dougmc at frenzied.us
Mon Feb 12 10:45:14 CST 2007
On Mon, Feb 12, 2007 at 10:32:54AM -0600, Lionel Peterson wrote:
| Wait a minute, I just tried this on my local box, and found the following results from my WinXP laptop:
The Windows telnet is brain-dead in some respects. It's not the best
thing for testing.
| My thought is that this *exploit* requires that you have either
| disabled the system console check on telnet *or* you are sitting on
| the console when you do this. It's a problem, but I think the original
| poster (pointed to by slashdot) disabled the telnet check for root on
| system console.
Perhaps, but then it could still be used to get into *other* accounts.
I recall fixing this problem in AIX with a shell script in 1994 --
http://www.security-express.com/archives/bugtraq/1994_2/0291.html
I imagine if you really did need telnet open to the world, and Sun
hadn't put out a fix yet, you could do the same thing.
Anybody know if Sun also used the JFH shadow suite? That's what bit
Linux and AIX 12 years ago with the rlogind hole.
--
Doug McLaren, dougmc at frenzied.us
Looks like someone has a case of the Mondays!
More information about the geeks
mailing list