Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Solaris telnet vulnberability - how many on your network?
From: "Ham Beast" <i.am.hambeast () gmail com>
Date: Tue, 13 Feb 2007 14:28:30 -0800

seriously why the fuck is 100000 email on the telnet of the solaris with
worthless content by gadi enron in mine inbox?

off take your jacket sports please !!!!!!!!

On 2/13/07, Casper.Dik () sun com <Casper.Dik () sun com> wrote:


>On Tue, 13 Feb 2007 Casper.Dik () Sun COM wrote:
>>
>> >On Tue, 13 Feb 2007 Casper.Dik () Sun COM wrote:
>> >>
>> >> >
>> >> >Am I missing something?  This vulnerability is close to 10 years
old.
>> >> >It was in one of the first versions of Solaris after Sun moved off
of
>> >> >the SunOS BSD platform and over to SysV.  It has specifically to do
w=
>> >> >ith
>> >> >how arguments are processed via getopt() if I recall correctly.
>> >>
>> >> You're confused with AIX/Linux
>> >>
>> >> Solaris did not have the -f option in login until much later.
>> >
>> >Hi Casper. While we have you here, any idea on when Sun will be
patching
>> >this issue?
>>
>> Now, follow the links from http://sunsolve.sun.com/tpatches
>>
>> Casper
>>
>
>Many thanks Casper! Can you give some more information on exactly what is
>patched. Any Sun released advisory?


The simplest possible fix on such short notice:


http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c?r2=3629&r1=2923

Casper

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault