Solaris telnet vulnerability

This is all over the place by now: telnet in Solaris 10 has a vulnerability that allows you to login as any user, without even the need of a special exploit tool, just by passing certain options to the telnet command line. I just tested it in my Nexenta box, and it works. Honestly, I hadn’t even noticed that telnet was enabled by default. It really should ship disabled, given that ssh comes installed by default on pretty much every box out there these days.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s