Solaris 10 has zero-day Telnet flaw

By Bill Brenner, Senior News Writer 12 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

According to several security organizations, a serious design error has been exposed in the Solaris 10-11 Telnet daemon that allows for unauthenticated remote root logins.

"This vulnerability can be exploited by using standard Telnet commands, further increasing the severity of this exposure," Cupertino, Calif.-based antivirus giant Symantec Corp. warned in an emailed message to customers of its DeepSight threat management service. "An exploit for this issue was released without an associated advisory and therefore it is believed that it has been exploited in the wild prior to the release."

Symantec urged administrators to disable Telnet immediately until Sun fixes the problem.

The French Security Incident Response Team (FrSIRT) has rated the problem high-risk, describing it as an error in the Telnet daemon (in.telnetd) that fails to properly validate authentication information before being passed to the login process.

The Telnet protocol allows virtual network terminals to be connected over the Internet and is incorporated into a variety of popular operating systems, from Sun Solaris and Red Hat Enterprise Linux to Apple's Mac OS X.

Donald Smith, a volunteer handler at the Bethesda, Md.-based SANS Internet Storm Center (ISC), said this latest flaw should serve as a reminder that Telnet is not secure.

"In my opinion nobody should be running telnet open to the Internet," he wrote on the ISC Web site. He noted that since 1994, the CERT Software Engineering Institute at Carnegie Mellon University has recommended using something other than plain text authentication due to potential network monitoring attacks.

The ISC suggested IT administrators mitigate the threat by either disabling Telnet or limiting the number of IP addresses that can connect to Telnet through the firewall.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches SSH key compromise shuts down Apache website IBM finds sharp spike in malicious content on trusted sites Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary