|
Full Disclosure
mailing list archives
Re: Solaris telnet vulnberability - how many on your network?
From: Graham Reed <greed () pobox com>
Date: Mon, 12 Feb 2007 15:36:59 -0500
Vincent Archer writes:
We do, and we confirm. The info is spreading like wildfire, and justifiably
so - I thought this bug category (-fuser) was squashed last with AIX over
10 years ago.
Everybody with the BSD tools had this bug 10-12 years ago; AIX stood out
because there was some guy at IBM who was being... vocal about how much of a
pain for him it was that people were exploiting the bug and making him work
late. Curiously, he disappeared off USENET and couldn't be found in the IBM
directory shortly after his manager posted a public apology....
But this is pathetic. It's 2007, this is a known attack vector for the
rlogin/telnet family of commands. And it does work on all our Solaris 10
boxes. At least they're behind a firewall.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
