Solaris Telnet Authentication Bypass

The SANS Internet Storm Center diary has an entry a telnet authentication bypass vulnerability in Solaris 10 and 11. They don’t mention any useful details, but if you’re the type who prefers to see for yourself, you might check out a place that likes to fully disclose this type of thing.
I found we only have one Solaris 10 server running telnet. Its one of the Unix administrator’s desktops. You can only access root from the console, but I was able to get in using the ‘adm’ account. Good times, good times.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>