Sponsored LinksSubscribe to this blog     
КатегорииLinksUnix Tutorial
Personal Development Ruslan Valiev Solaris Performance Team Damien Farnham Fintan Ryan Nicky Veitch Niall Mullen Sean McGrath DTrace Bryan Cantrill Brendan Gregg ZFS Tim Foster General Ben Rockwood Learning Solaris 10 Privacy policy |
Wednesday, February 14. 2007Large vulnerability in.telnetd in Solaris 10
Last weekend, a telnet vulnerability in Solaris 10 was found. Within hours, the fix was integrated into OpenSolaris, and on Monday we saw the first patches available and a Sun document on how to fix it.
Attention: this vulnerability is indeed very serious. It allows remote systems gain root access to Solaris 10 box under certain circumstances. The keywords in this sentence are "vulnerability - very serious" and "under certain circumstances". While I've seen many posts and articles focusing readers' attention on the seriousness of this vulnerability, I would like to draw your attention to few facts describing the "under certain circumstances" bit of this warning: 1) This vulnerability affects certain releases of Solaris 10 (s10u1 and s10u2) and OpenSolaris/Nevada only. Solaris 9 and older Solaris releases are not affected. Solaris 10 Update 3 is not affected (it has only SSH enabled by default, so telnet service is disabled in default installation) 2) This vulnerability will not allow remote root logins using telnet in your typical out-of-box Solaris installation. What I'm saying is that this exploit will not help hackers gain root access to your system, even if you have telnet enabled on your Solaris 10 box, unless you have implicitly commented out the CONSOLE=/dev/console line in your /etc/default/login file.UPDATE: unfortunately, this does not mean hackers can't use other accounts to access your system without password. Using this vulnerability, the will be able to successfully log into your system as bin, adm, sys or lp. Surely, they're not as dangerous as remote root logins, but still harmful enough. Possible ways for you to fix this problem: 1. Disable telnet to root for non CONSOLE logins (if that was for some reason enabled by commenting the line out) 2. Disable telnet service svcadm disable svc:/network/telnet:default 3. Apply relevant patch: T-Patch (ISR) is found here: http://sunsolve.sun.com/tpatches alternatively, just patch the in.telnetd: Patch for SPARC: 120068-02. Patch for x86: 120069-02. Interesting info on how this vulnerability was fixed by Sun: Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
2) This vulnerability will not allow remote root logins
did you try logging in as 'bin' ?
Hey Justin,
You're absolutely right - I've just updated the post to clarify this. While bin,sys,adm and other system accounts are not as dangerous as root privileges, they're definitely enough to damage a system. Thanks for pointing this out! Gleb |
