[geeks] Solaris 10 Remote-Root Exploit
Dave K
davek08054 at gmail.com
Mon Feb 12 12:19:44 CST 2007
On 2/12/07, Lionel Peterson <lionel4287 at verizon.net> wrote:
> 1) Were you logged in as "root" or "non-superuser user"?
Non-root user, different then the user being logged in as.
> 2) What is OS of Telnet client you are using (Linux, Solaris, etc.)?
Linux.
> 3) Is there any logical connection between the two machines (as I understand it "-f" sends credentials to telnetd, I want to make sure there is no connection between the two.
In some cases they are in the same NIS domain, but not in all cases.
> I am curious if you have two machines with identical root passwords when this is successful...
Different root passwords.
And when logging into non-root accounts, all the passwords (and
account names) were different.
> Thanks for the datapoints - I really do appreciate it.
I have been able to duplicate this against a Sol10 X86 system also.
That one gives me the "Not on system console" for root, but allows me
to become any non-root user (local or NIS).
--
Dave K
Unix Systems & Network Administrator
Mount Laurel NJ
More information about the geeks
mailing list