[Full-disclosure] Solaris telnet vulnberability - how many on your network?
Ham Beast
i.am.hambeast at gmail.com
Tue Feb 13 22:28:30 GMT 2007
seriously why the fuck is 100000 email on the telnet of the solaris with
worthless content by gadi enron in mine inbox?
off take your jacket sports please !!!!!!!!
On 2/13/07, Casper.Dik at sun.com <Casper.Dik at sun.com> wrote:
>
>
> >On Tue, 13 Feb 2007 Casper.Dik at Sun.COM wrote:
> >>
> >> >On Tue, 13 Feb 2007 Casper.Dik at Sun.COM wrote:
> >> >>
> >> >> >
> >> >> >Am I missing something? This vulnerability is close to 10 years
> old.
> >> >> >It was in one of the first versions of Solaris after Sun moved off
> of
> >> >> >the SunOS BSD platform and over to SysV. It has specifically to do
> w=
> >> >> >ith
> >> >> >how arguments are processed via getopt() if I recall correctly.
> >> >>
> >> >> You're confused with AIX/Linux
> >> >>
> >> >> Solaris did not have the -f option in login until much later.
> >> >
> >> >Hi Casper. While we have you here, any idea on when Sun will be
> patching
> >> >this issue?
> >>
> >> Now, follow the links from http://sunsolve.sun.com/tpatches
> >>
> >> Casper
> >>
> >
> >Many thanks Casper! Can you give some more information on exactly what is
> >patched. Any Sun released advisory?
>
>
> The simplest possible fix on such short notice:
>
>
> http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c?r2=3629&r1=2923
>
> Casper
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070213/3192e34a/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.