Worm Exploiting Solaris Telnetd Vulnerability 164
MichaelSmith writes "Several news sites are reporting that a worm is starting to exploit the Solaris Telnet 0-day vulnerability. By adding simple text to the Telnet command, the system will skip asking for a username and password. If the systems are installed out of the box, they automatically come Telnet-enabled. 'The SANS Internet Storm Center, which monitors Internet threats, has noticed some increase in activity on the network port used by Solaris' telnet feature, according to an ISC blog posted on Tuesday. "One hopes that there aren't that many publicly reachable Solaris systems running telnet," ISC staffer Joel Esler wrote.'"
I might have missed something.... (Score:4, Informative)
http://blogs.sun.com/tpenta/entry/the_in_telnetd_
What proverb is that? (Score:3, Informative)
I'm pretty sure I never heard my mother say, "Son, if you ever expose a Telnet port to the Internet, I'll fire a rocket up your ass!"
Re:Free software to the rescue? (Score:2, Informative)
It won't help because the vulnerability is in login (that telnetd calls) and not with telenetd. Since this is almost a month old and everyone should know by now, here it is -
telnet -l "-froot" [hostname]
Re:Why use telnet, anyway? (Score:3, Informative)
People who use telnet on a large scale that I know of include:
Telnet is not dead and in some cases is appropriate. Those cases are just fairly limited and are less likely to be a problem than someone who just stick a box on the net with telnet enabled because they are lazy/ignorant (which also happens).