[geeks] Solaris 10 Remote-Root Exploit

Lionel Peterson lionel4287 at verizon.net
Mon Feb 12 11:21:13 CST 2007


>From: Lionel Peterson <lionel4287 at verizon.net>
>Date: 2007/02/12 Mon AM 11:07:23 CST
>To: The Geeks List <geeks at sunhelp.org>
>Subject: Re: [geeks] Solaris 10 Remote-Root Exploit

>>From: Doug McLaren <dougmc at frenzied.us>
>>Date: 2007/02/12 Mon AM 10:45:14 CST
>>To: The Geeks List <geeks at sunhelp.org>
>>Subject: Re: [geeks] Solaris 10 Remote-Root Exploit
>
>>On Mon, Feb 12, 2007 at 10:32:54AM -0600, Lionel Peterson wrote:
>>
>>| Wait a minute, I just tried this on my local box, and found the following results from my WinXP laptop:
>>
>>The Windows telnet is brain-dead in some respects.  It's not the best
>>thing for testing.
>
>Agreed, so I went to my Opteron Solaris 10 Update 3 desktop and tried the same thing, no go... Can't recreate the problem.
>

Attempt to go "root to root" gave me this:

# telnet -f -l root 192.168.1.159
Error getting Kerberos 5 realms for: 192.168.1.159 (service not available)
Trying 192.168.1.159...
Connected to 192.168.1.159.
Escape character is '^]'.
Password:
Not on system console
Connection to 192.168.1.159 closed by foreign host.
#

(note password request)

And going root to "user" gave me:

# telnet -f -l lionel 192.168.1.159
Error getting Kerberos 5 realms for: 192.168.1.159 (service not available)
Trying 192.168.1.159...
Connected to 192.168.1.159.
Escape character is '^]'.
Password:
Last login: Mon Feb 12 12:15:33 from 192.168.1.166
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
$ uname -a
SunOS hundredbux 5.10 Generic sun4u sparc SUNW,Ultra-5_10
$

(note password request again)

Just a few datapoints - anyone recreate this yet?

Lionel


