Solaris Telnet 0day or Embarrassment
johannes ullrich from the sans isc sent this to me and then i saw it on the dshield list:
if you run solaris, please check if you got telnet enabled now. if you
can, block port 23 at your perimeter. there is a fairly trivial solaris
telnet -l “-froot” [hostname]
will give you root on many solaris systems with default installs
we are still testing. please use our contact form at
if you have any details about the use of this exploit.
you mean they still use telnet?!
others mentioned the aix rlogin vulnerability (identical) from 1994:
update from hd moore:
“but this bug isnt -froot, its -fanythingbutroot =p”
on the exploits@ mailing list and on dshield this vulnerability was
verified as real.
if sun doesn’t yet block port 23/tcp incoming on their /8, i’d make it a
anyone else running solaris?
i made a joke on this being a pr stunt for people to download solaris (to test this vulnerability), as apparently downloads are somewhat slow at the moment.