[rescue] Solaris 10 Remote-Root Exploit

Peter Corlett abuse at cabal.org.uk
Wed Feb 14 10:55:48 CST 2007


On Wed, Feb 14, 2007 at 11:41:21AM -0500, Kevin Loch wrote:
> Peter Corlett wrote:
[...]
>> And I've just checked and my telnetd is not vulnerable. Most of the
>> scanning activity is attempted exploits against my sshd anyway.
> All telnetd are vulnerable to clear-text password interception.

*Most* telnetd, perhaps. Some support TLS. The shonky joke of a userspace
that Sun provide with their kernel might not, but fortunately Sun isn't the
only game in town.

My user knows that the password is in plain text, and is happy to take the
risk. It's no more risky than logging in to a website on a plain http page,
or picking up mail with plain POP3, after all.



More information about the rescue mailing list