[rescue] Solaris 10 Remote-Root Exploit
der Mouse
mouse at Rodents.Montreal.QC.CA
Wed Feb 14 11:18:33 CST 2007
>> And I've just checked and my telnetd is not vulnerable. Most of the
>> scanning activity is attempted exploits against my sshd anyway.
> All telnetd are vulnerable to clear-text password interception.
Not true; telnet can be Kerberized, and I think it can be TLSed as
well. And even those aside, nothing says that a clear-text password is
the authentication/authorization method in use; nobody can intercept
something that isn't sent. (What else could it be? SecurID is the
first example that comes to mind. And in some uses, there may be no
auth{entic,oriz}ation info involved at all, as when using telnet to
export something to the world.)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
More information about the rescue
mailing list