Solaris flaw a reminder of why Telnet is toast

By Bill Brenner
16 Feb 2007 | SearchSecurity.com


Sun Microsystems quickly patched a zero-day Telnet flaw in its Solaris 10 operating system after it was disclosed earlier in the week.

But for several security bloggers, the flaw served as a stark reminder that Telnet is easy pickings for the bad guys and should not be used anymore.

Several security organizations issued urgent warnings about the Solaris flaw Monday, describing it as a serious design error in the operating system's Telnet daemon that allows for unauthenticated remote root logins.

"This vulnerability can be exploited by using standard Telnet commands, further increasing the severity of this exposure," Cupertino, Calif.-based antivirus giant Symantec Corp. warned in an emailed message to customers of its DeepSight threat management service. "An exploit for this issue was released without an associated advisory and therefore it is believed that it has been exploited in the wild prior to the release."

The French Security Incident Response Team (FrSIRT) has rated the problem high-risk, describing it as an error in the Telnet daemon (in.telnetd), which fails to properly validate authentication information before it is passed to the login process.

About Security Blog Log:
Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at bbrenner@techtarget.com.

To industry experts, the very mention of Telnet raises alarm bells.

The protocol allows virtual network terminals to be connected over the Internet and is incorporated into a variety of popular operating systems, from Sun Solaris and Red Hat Enterprise Linux to Apple's Mac OS X. It has long been considered a security risk because user names, passwords and all subsequent commands are transmitted as easily exploitable plaintext.

"In my opinion nobody should be running Telnet open to the Internet," Donald Smith, a volunteer handler at the Bethesda, Md.-based SANS Internet Storm Center (ISC), wrote on the ISC Web site. He noted that since 1994, the CERT Software Engineering Institute at Carnegie Mellon University has recommended using something other than plain text authentication due to potential network monitoring attacks.

It didn't take long to find people in the blogosphere who wholeheartedly agree with him.

Corey Nachreiner, network security analyst for WatchGuard's LiveSecurity Service, wrote in the WatchGuard blog that nobody should use Telnet anymore, especially since SSH (Secure Shell), its "much smarter and more secure cousin," has been around for ages.

"It's easy to use and widely available on many platforms," he wrote. "It lets you do everything Telnet does, with the added benefit of hiding your sessions from prying eyes. I just don't see any reason you'd want to use Telnet, still."

He noted that the Solaris flaw is trivial to exploit. "If you allow outside users to access your Solaris Telnet server, an unauthenticated remote hacker merely has to send it a specially crafted string and blammo -- he's got root," he wrote. "This really is a horrible flaw for those it affects."

Andy Davidson, a UK-based Linux systems expert, wrote in his My Web 0.2 Website blog that he always considered Telnet good at least as a back-up during SSH upgrades. But the Solaris flaw has given him second thoughts.

"My mantra has always been 'Telnet is only dangerous if you use it,'" he wrote. "Leaving it enabled as an emergency way in during SSH upgrades, for example, is a good idea. All this changed at the weekend with the disclosure of" the Solaris flaw.

Tyler Reguly, security research engineer for nCircle Network Security Inc., wrote in the nCircle blog that the Solaris flaw looked a lot like an old AIX/Linux RLogin vulnerability from 1994 and that it shouldn't be a big deal, since most people know not to use Telnet.

"I hope most people have moved to a more secure [form of] communication such as SSH," he wrote.

Whatever people think of Telnet, Alan Hargreaves, a member of the OpenSolaris project sponsored by Sun, noted in his Alan Hargreaves Weblog that Sun and members of the project deserve credit for fixing the Solaris problem in record time.

"For Sun to respond to and address a vulnerability like this in around 24 hours would have been completely unheard of even two to three years ago," he wrote.
