|
Full Disclosure
mailing list archives
Re: Solaris telnet vulnerability - how many on your network?
From: Brad_Powell () amat com
Date: Mon, 12 Feb 2007 13:16:53 -0800
Vincent Archer <varcher () denyall com> wrote on 02/12/2007 04:51:07 AM:
I don't speak for Sun, but here are some hints that might help.
OS packaging person here (the guy who defines the exact stripped version
we install on customer appliance) did test with root, and it worked. I
suspect it is dependent on whether root is enabled as allowed as a
remote
login or not (a setting I dimly remember being available on solaris 10
years ago, I think).
For root login; there is a setting in /etc/default/login. If CONSOLE is
set, then root can only login
on that device i.e. "CONSOLE=/dev/ttya" means "root" can only login on
ttya device. Any other user via
telnet/ssh/whatever has to login as themselves and "su" to root.
This doesn't prevent telnet -l "-fbin", or -flp; for those accounts best
bet is to change /etc/passwd for the shell of system-account users to
/sbin/noshell or /bin/false (noshell just logs the entry and exists)
Of course disabling in.telnetd in /etc/inetd.conf (and doing a pkill -HUP
inetd) if possible is a safe bet,
but some sites are forced to use telnetd.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
