[geeks] Solaris 10 Remote-Root Exploit

Lionel Peterson lionel4287 at verizon.net
Mon Feb 12 11:07:23 CST 2007


>From: Doug McLaren <dougmc at frenzied.us>
>Date: 2007/02/12 Mon AM 10:45:14 CST
>To: The Geeks List <geeks at sunhelp.org>
>Subject: Re: [geeks] Solaris 10 Remote-Root Exploit

>On Mon, Feb 12, 2007 at 10:32:54AM -0600, Lionel Peterson wrote:
>
>| Wait a minute, I just tried this on my local box, and found the following results from my WinXP laptop:
>
>The Windows telnet is brain-dead in some respects.  It's not the best
>thing for testing.

Agreed, so I went to my Opteron Solaris 10 Update 3 desktop and tried the same thing, no go... Can't recreate the problem.

>| My thought is that this *exploit* requires that you have either
>| disabled the system console check on telnet *or* you are sitting on
>| the console when you do this. It's a problem, but I think the original
>| poster (pointed to by slashdot) disabled the telnet check for root on
>| system console.
>
>Perhaps, but then it could still be used to get into *other* accounts.

My testing doesn't bear that out - Update 3 telnet client to Update 2 telnetd server fails, and asks for user password. My Update 3 desktop doesn't have telentd started, because I choose not to during install...

I was on a user "lionel" on my Update 3 desktop, and could not access "root" OR "lionel" on the remote machine.

The password is always asked for.

Has anyone on the list been able to recreate this problem? Not being argumentative, but I can't seem to do it here, but the descriptions I'm seeing are sketchy at best.

Ideally, I should set up a completely stock Solaris 10 machine with Update 2 and try and recreate the issue, but unless someone else can report success, I don't see the point - the "system console" check is never by-passed, AFAIK...

Lionel



More information about the geeks mailing list