Worm Exploiting Solaris Telnetd Vulnerability
MichaelSmith writes "Several news sites are reporting that a worm is starting to exploit the Solaris Telnet 0-day vulnerability. By adding simple text to the Telnet command, the system will skip asking for a username and password. If the systems are installed out of the box, they automatically come Telnet-enabled. 'The SANS Internet Storm Center, which monitors Internet threats, has noticed some increase in activity on the network port used by Solaris' telnet feature, according to an ISC blog posted on Tuesday. "One hopes that there aren't that many publicly reachable Solaris systems running telnet," ISC staffer Joel Esler wrote.'"
Yep. (Score:5, Insightful)
Use SSH.
...oh, and don't forget to wear your raincoat.
Mine is! (Score:3, Insightful)
It's been a long day... (Score:5, Insightful)
Isn't twenty days long enough to disable a remotely exploitable and totally unnecessary, unsafe service that no admin in his right mind should have enabled on a box connected to the net anyway?
Re:Yep. (Score:5, Insightful)
Yeah, that was my response when I first heard of this bug/exploit. But the real question is, should systems be shipped with telnet enabled? Obviously the answer is "no", but vendors seem to be slow to get this message.
And note that this worm is enabled by a bug in Solaris's implementation of telnet, not by telnet itself. A similar bug in ssh would have had the same effect.
Should have happened... (Score:5, Insightful)
Other Telnet vulnerabilities (Score:3, Insightful)
A new box won't have this problem... (Score:3, Insightful)
Existing boxes need to fix this, but a patch has been out for a while - are we dealing with the "short bus" hackers that it took this long to actually exploit? Why, oh why, doesn't Solaris warrant better hackers?
Re:Yep. (Score:4, Insightful)
Re:Yep. (Score:3, Insightful)
SSHD DOES give you magical powers - real passwords (Score:3, Insightful)
At least they do come with a bunch of stuff disabled by default, and with a fairly recent version of SSH.
I *DO* have numerous Solaris hosts happily floating in the effluent of an unfirewalled Internet connection, and they are probed continually for guessable passwords. Since my passwords are something like "2q3cb07rqwpexnbyslgfsdjhg" and I use only ssh for access I can sleep at night.
Re:It's been a long day... (Score:1, Insightful)
Re:Yep. (Score:3, Insightful)
Re:Yep. (Score:3, Insightful)
Yeah, that was my response when I first heard of this bug/exploit. But the real question is, should systems be shipped with telnet enabled? Obviously the answer is "no", but vendors seem to be slow to get this message.
Why the hell not? Installation of Solaris is not exactly an "end user" type of operation. More likely it would be performed by an IT professional. Having telnet enabled initially makes it easy to set up the system from another location without worrying about making ssh or anything else work.
The real stupidity is the admins who don't care enough to actually do their job and disable telnet. These are the people who should know better. Chances are, Sun has received more calls about why telnet is NOT enabled by default than they have for the opposite. The real lesson is, don't plug a box into an untrusted network with telnet running.