[exploits] [Dshield] Solaris Telnet 0-day (Important!) (fwd)
Bojan Zdrnja (SANS ISC)
bojan.isc at gmail.com
Sun Feb 11 23:53:14 CST 2007
On 2/12/07, curtw at siu.edu <curtw at siu.edu> wrote:
>
> I've tested a bunch of hosts of various Solaris flavors and have
> not gotten any leverage with this "exploit". Has any auditor/
> pentester actually used this with success?
I can confirm that it works on Solaris 10. In some cases people will
have root logins limited to only the console (by setting the CONSOLE
entry in /etc/default/login). This prevents one from logging in as
root, but they can still login as any other account on the machine,
for example it works as bin.
I've tested Solaris 9 and it wasn't vulnerable. Haven't tested Solaris
8, but Donald did and he said it's not vulnerable either.
Bojan
ISC Handler
More information about the exploits
mailing list