United States
Web App Attacks: Sneaking in the Front Door
WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc.
ProductsPartnersSupportAbout UsHow to BuySearchProfile
 
Products  

Security Articles

Video Tutorials

WatchGuard Feeds

WatchGuard Wire

Radio Free Security

White Papers

Case Studies

Network Security Glossary

WatchGuard Wire
Improve Your Security IQ

Any telnet server running Solaris is a total pushover

Nobody should use telnet anymore. I mean, come on. SSH, telnet's much smarter and more secure cousin, has been around for ages. It's easy to use and widely available on many platforms. It lets you do everything telnet does, with the added benefit of hiding your sessions from prying eyes. I just don't see any reason you'd want to use telnet still. Nonetheless, if any Solaris 10 or 11 administrators out there still use telnet, here's another reason to jump ship.

According to a post on a popular exploit code site, the telnet server (telnetd) that ships with Sun Solaris 10 and 11 suffers from a very serious vulnerability that allows remote attackers to gain full control of Solaris servers. Worse, the vulnerability is trivial to exploit. If you allow outside users to access your Solaris telnet server, an unauthenticated remote hacker merely has to send it a specially crafted string and blammo -- he's got root.

This really is a horrible flaw for those it affects. However, I'm guessing "those it affects" are few. Of all the operating systems out there, Solaris isn't the most popular. I don't expect that many people reading this blog use it much. Furthermore, Wire readers are security conscientious and probably know the dangers of telnet. I'd like to think you don't use telnet outside your own network... if at all.

If you do run a Solaris 10 or 11 server and use telnet, I recommend you stop. Solaris hasn't had time to patch this zero day flaw, so your only remediation option is to disable telnet or restrict it to trusted IPs. I vote for disable. If you're really worried about this vulnerability, and run a Snort compatible IDS system, you can also grab this Bleeding Edge Snort signature for it, written by Chris Boyd.

To sum up, if you follow basic security practices, this flaw's not much of a threat. If you use telnet recklessly, your Solaris server and your network are pushovers. -- Corey Nachreiner, CISSP

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.