Solaris flaw a reminder of why Telnet is toast

This week in Security Blog Log: Industry experts say a flaw in Sun Microsystems' Solaris 10 operating system should serve as a stark reminder that Telnet is not safe.


Sun Microsystems quickly patched a zero-day Telnet flaw in its Solaris 10 operating system after it was disclosed earlier in the week.

But for several security bloggers, the flaw served as a stark reminder that Telnet is easy pickings for the bad guys and should not be used anymore.

Several security organizations issued urgent warnings about the Solaris flaw Monday, describing it as a serious design error in the operating system's Telnet daemon that allows for unauthenticated remote root logins

"This vulnerability can be exploited by using standard Telnet commands, further increasing the severity of this exposure," Cupertino, Calif.-based antivirus giant Symantec Corp. warned in an emailed message to customers of its DeepSight threat management service. "An exploit for this issue was released without an associated advisory and therefore it is believed that it has been exploited in the wild prior to the release."

The French Security Incident Response Team (FrSIRT) has rated the problem high-risk, describing it as an error in the Telnet daemon (in.telnetd) that fails to properly validate authentication information before being passed to the login process.

About Security Blog Log:
Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at bbrenner@techtarget.com.

Recent columns:

Vista voice trick: More amusement than concern

Storm Trojan: Worse than it should have been

TJX gets little sympathy from blogosphere

To industry experts, the very mention of Telnet raises alarm bells.

The protocol allows virtual network terminals to be connected over the Internet and is incorporated into a variety of popular operating systems, from Sun Solaris and Red Hat Enterprise Linux to Apple's Mac OS X. It has long been considered a security risk because user names, passwords and all subsequent commands are transmitted as easily-exploitable plaintext.

"In my opinion nobody should be running Telnet open to the Internet," Donald Smith, a volunteer handler at the Bethesda, Md.-based SANS Internet Storm Center (ISC), wrote on the ISC Web site. He noted that since 1994, the CERT Software Engineering Institute at Carnegie Mellon University has recommended using something other than plain text authentication due to potential network monitoring attacks.

It didn't take long to find people in the blogosphere who wholeheartedly agree with him.

Corey Nachreiner, network security analyst for WatchGuard's LiveSecurity Service, wrote in the WatchGuard blog that nobody should use Telnet anymore, especially since SSH (Secure Shell), its "much smarter and more secure cousin," has been around for ages.

"It's easy to use and widely available on many platforms," he wrote. "It lets you do everything Telnet does, with the added benefit of hiding your sessions from prying eyes. I just don't see any reason you'd want to use Telnet, still."

He noted that the Solaris flaw is trivial to exploit. "If you allow outside users to access your Solaris Telnet server, an unauthenticated remote hacker merely has to send it a specially crafted string and blammo -- he's got root," he wrote. "This really is a horrible flaw for those it affects."

Andy Davidson, a UK-based Linux systems expert, wrote in his My Web 0.2 Website blog that he always considered Telnet good at least as a back-up during SSH upgrades. But the Solaris flaw has given him second thoughts.

"My mantra has always been 'Telnet is only dangerous if you use it,'" he wrote. "Leaving it enabled as an emergency way in during SSH upgrades, for example, is a good idea. All this changed at the weekend with the disclosure of" the Solaris flaw.

Tyler Reguly, security research engineer for nCircle Network Security Inc., wrote in the nCircle blog that the Solaris flaw looked a lot like an old AIX/Linux RLogin vulnerability from 1994 and that it shouldn't be a big deal, since most people know not to use Telnet.

"I hope most people have moved to a more secure [form of] communication such as SSH," he wrote.

Whatever people think of Telnet, Alan Hargreaves, a member of the OpenSolaris project sponsored by Sun, noted in his Alan Hargreaves Weblog that Sun and members of the project deserve credit for fixing the Solaris problem in record time.

"For Sun to respond to and address a vulnerability like this in around 24 hours would have been completely unheard of even two to three years ago," he wrote.

Dig deeper on Security Industry Market Trends, Predictions and Forecasts

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close