Bugtraq mailing list archives
Re: Solaris telnet vulnberability - how many on your network?
From: Edsel Adap <edsel () adap org>
Date: Wed, 21 Feb 2007 09:22:50 -0500
Nate Eldredge wrote:
I have now set up a virtual Solaris 8 box to test this with root access, and it appears you are correct. When run as root, "login -f root" presents a login prompt, just like login without arguments. So it is not "supported" in the sense of having the Solaris 10 documented behavior.
I tested this as well on a Solaris 8 box. I did not get the behavior you described.
# uname -a SunOS skyhawk 5.8 Generic_108528-29 sun4u sparc SUNW,Sun-Blade-100 # /bin/login -froot Not on system consoleAs you can see, it did not prompt me for a password. Obviously the -f option is recognized and its semantics are implemented.
However telnet could not be used to exploit it in the same was a Solaris 10 was exploited.
Using "strings" to look at the getopt option list reveals that an undocumented "-a" option also exists. I don't know what it does, either. More material for the backdoor conspiracy theorists, I suppose. Fortunately there doesn't appear to be a "-nsakey" option.
As far as the -a option, it does not do anything. The OpenSolaris source says:
case 'a': break;I'm guessing that this behavior is left over from the older versions of Solaris.
-- Edsel Adap edsel () adap orghttp://www.adap.org/~edsel/ LINUX - the choice of the GNU generation
Current thread:
- RE: Re: Re: Solaris telnet vulnberability - how many on your network?, (continued)
- RE: Re: Re: Solaris telnet vulnberability - how many on your network? jf (Feb 16)
- Re: RE: Re: Solaris telnet vulnberability - how many on your network? thefinn12345 (Feb 16)
- Re: Re: Re: Solaris telnet vulnberability - how many on your network? thefinn12345 (Feb 16)
- Re: Re: Re: Solaris telnet vulnberability - how many on your network? jf (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? Anthony R. Nemmer (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? greimer (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? Darren Reed (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? Nate Eldredge (Feb 17)
- RE: Solaris telnet vulnberability - how many on your network? Michael Wojcik (Feb 20)
- RE: Solaris telnet vulnberability - how many on your network? Nate Eldredge (Feb 20)
- Re: Solaris telnet vulnberability - how many on your network? Edsel Adap (Feb 21)
- Re: Re: Re: Solaris telnet vulnberability - how many on your network? jf (Feb 16)
- Re: Solaris telnet vulnberability - how many on your network? Cromar Scott (Feb 17)
- Re[2]: Solaris telnet vulnberability - how many on your network? Thierry Zoller (Feb 22)
- RE: Re[2]: Solaris telnet vulnberability - how many on your network? Roger A. Grimes (Feb 22)