Solaris Telnet Authentication Bypass

The SANS Internet Storm Center diary has an entry a telnet authentication bypass vulnerability in Solaris 10 and 11. They don’t mention any useful details, but if you’re the type who prefers to see for yourself, you might check out a place that likes to fully disclose this type of thing.
I found we only have one Solaris 10 server running telnet. Its one of the Unix administrator’s desktops. You can only access root from the console, but I was able to get in using the ‘adm’ account. Good times, good times.