Last weekend, a telnet vulnerability in Solaris 10 was found. Within hours, the fix was integrated into OpenSolaris, and on Monday we saw the first patches available and a Sun document on how to fix it.
Attention: this vulnerability is indeed very serious. It allows remote systems to gain root access to a Solaris 10 box under certain circumstances.
The keywords in this sentence are "vulnerability - very serious" and "under certain circumstances". While I've seen many posts and articles focusing readers' attention on the seriousness of this vulnerability, I would like to draw your attention to a few facts describing the "under certain circumstances" bit of this warning:
1) This vulnerability affects certain releases of Solaris 10 (s10u1 and s10u2) and OpenSolaris/Nevada only. Solaris 9 and older Solaris releases are not affected. Solaris 10 Update 3 is not affected (it has only SSH enabled by default, so the telnet service is disabled in a default installation).
2) This vulnerability will not allow remote root logins using telnet in your typical out-of-box Solaris installation. What I'm saying is that this exploit will not help hackers gain root access to your system, even if you have telnet enabled on your Solaris 10 box, unless you have explicitly commented out the CONSOLE=/dev/console line in your /etc/default/login file.
UPDATE: unfortunately, this does not mean hackers can't use other accounts to access your system without a password. Using this vulnerability, they will be able to successfully log into your system as bin, adm, sys or lp. Surely, these are not as dangerous as remote root logins, but still harmful enough.
Possible ways for you to fix this problem:
1. Disable telnet to root for non-CONSOLE logins (if that was for some reason enabled by commenting the line out).
2. Disable the telnet service:
   svcadm disable svc:/network/telnet:default
3. Apply the relevant patch. The T-Patch (ISR) is found here: http://sunsolve.sun.com/tpatches
   Alternatively, just patch in.telnetd. Patch for SPARC: 120068-02. Patch for x86: 120069-02.
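The two conditions above (is the telnet service running, and is the CONSOLE line still active) can be checked with a short script. This is an added example, not part of the original post; the function names are hypothetical, and it assumes an unpatched in.telnetd, since it does not look at the patch level.

```sh
#!/bin/sh
# Added example: checks the two conditions discussed in the post.

# console_restricted FILE -> 0 if FILE has an active CONSOLE= line,
# 1 if the line is missing or commented out, 2 if FILE is unreadable.
console_restricted() {
    [ -r "$1" ] || return 2
    # "#CONSOLE=/dev/console" is commented out and does not match.
    grep '^CONSOLE=' "$1" >/dev/null 2>&1 || return 1
    return 0
}

# telnet_state -> SMF state of the telnet service, or "unknown" off Solaris.
telnet_state() {
    if command -v svcs >/dev/null 2>&1; then
        svcs -H -o state svc:/network/telnet:default 2>/dev/null || echo unknown
    else
        echo unknown
    fi
}

# assess FILE STATE -> prints a one-line verdict starting with a keyword.
assess() {
    case $2 in
        online|degraded) ;;
        disabled|offline|maintenance)
            echo "ok: telnet service is $2"; return 0 ;;
        *)  echo "unknown: telnet state '$2' not recognised"; return 0 ;;
    esac
    rc=0
    console_restricted "$1" || rc=$?
    case $rc in
        0) echo "exposed-nonroot: root limited to console; bin, adm, sys, lp reachable" ;;
        1) echo "exposed-root: CONSOLE line not active in $1" ;;
        *) echo "unknown: cannot read $1" ;;
    esac
}

# Report on the local system (path and FMRI as given in the post).
assess /etc/default/login "$(telnet_state)"
```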
Interesting info on how this vulnerability was fixed by Sun:
Alan Hargreaves gives a full history of events in his post, "the in.telnetd vulnerability exploit".
Dan McDonald explains how he learned about the vulnerability and how the fix was written and put back into the OpenSolaris source tree: "How OpenSolaris Did Its Job".