An argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) causes it to misinterpret certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote malicious users to log into certain accounts, as demonstrated by the bin account.
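The defensive pattern against this class of bug is to treat the client-supplied account name as data before it reaches the login program's command line. The C below is an added example, not Sun's code or patch and not from this page; the function names, the `-h` host argument, the 32-character limit, the allowed character set and the assumption that the login program honours a getopt-style `--` end-of-options marker are all illustrative assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy: 1..32 chars from [A-Za-z0-9_.-], never starting with '-'. */
int user_name_ok(const char *user)
{
    size_t i, len;
    if (user == NULL)
        return 0;
    len = strlen(user);
    if (len == 0 || len > 32 || user[0] == '-')
        return 0;               /* a leading '-' would be parsed as an option */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Build the argument vector for the login program (hypothetical layout).
 * Returns argc, or -1 if the request must be refused. With no user name,
 * the login program is left to prompt for one itself. */
int build_login_argv(const char *host, const char *user,
                     const char *argv[], size_t cap)
{
    int n = 0;
    if (host == NULL || cap < 6)
        return -1;
    argv[n++] = "login";
    argv[n++] = "-h";           /* consumes the next word as its argument */
    argv[n++] = host;
    if (user != NULL && user[0] != '\0') {
        if (!user_name_ok(user))
            return -1;
        argv[n++] = "--";       /* assumed end-of-options marker */
        argv[n++] = user;
    }
    argv[n] = NULL;
    return n;
}

int main(void)
{
    const char *av[6];          /* constructed sample inputs */
    printf("alice -> %d\n", build_login_argv("host.example", "alice", av, 6));
    printf("-f    -> %d\n", build_login_argv("host.example", "-f", av, 6));
    return 0;
}
```

The two checks are independent on purpose: the validation refuses option-like names outright, and the `--` marker keeps the name an operand even if the validation policy is later loosened.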
Vulnerable Product |
---|
oracle solaris 11 |
sun sunos 5.11 |
sun sunos 5.10 |
oracle solaris 10 |
Worm turns
Sun Microsystems has urged users to update and secure their Solaris 10 installations after a recently discovered zero-day vulnerability was found in the wild. Sun has posted an online workaround to disable the Solaris 10 telnet service, while advising users to apply patches or protect user accounts using firewalls or IP filtering. "Until patches can be applied, you may wish to block access to the telnet service from untrusted networks such as the internet. Use a firewall or other packet-filterin...