Security Bugs in Solaris 10 Telnet

scan pc for spyware or adware free

Security Bugs in Solaris 10 Telnet

Solaris 10 is at risk of a zero-day exploit, due to security bugs in its 
telnet service, Sun Microsystems warned.

The "highly critical" vulnerabilities could enable attackers to gain 
unauthorized access to a user's system without requiring the user to 
download exploit code, said Johannes Ullrich, chief research officer at 
the Sans Institute, which also issued a security advisory.

Attackers could exploit the so-called zero-day vulnerabilities in 
Solaris 10 and the beta version of Solaris 11 via the telnet service if 
it is automatically enabled, the advisory said.

Telnet, which dates back to the early days of Unix, was one of the first 
methods devised to allow system administrators to remotely monitor their 
networks. The service will usually prompt people for their user name and 
password. However, security flaws in the operating system could allow an 
attacker to add additional parameters to connect to the remote telnet 
server without a user name or password, Ullrich noted.

Once attackers have gained access, they could execute arbitrary commands 
with the same privileges as the user.

"It's an ancient way to administer systems," Ullrich said. "There's no 
good reason to enable telnet on Solaris...All the communication with 
telnet is not encrypted. In recent years, other technologies have 
replaced it, like (encrypted communications through a secure shell) 
SSH."

Last month, Sun issued an update to Solaris 10, which now has the SSH 
enabled by default, said Bob Wientzen, Solaris spokesman for Sun. He 
added that the company is currently working on a fix for the telnet 
vulnerabilities.

Sun, in its security advisory, said the vulnerabilities are found in 
Solaris 10, running on Sparc servers, as well as on x86 servers.

The Sans Institute and Sun said they were not aware of any reports of 
systems exploited due to the security flaws in the telnet service.

If users must run Solaris with the telnet service enabled, Ullrich 
recommends using a firewall to limit connections to a user's telnet 
service. However, he said that while this workaround will prevent direct 
access to the root account, other accounts on a user's system could 
still be compromised.

Computer and Internet Security news provided here represents global independent resources. The information represented here is © by the stated author.

Internet Security News Home

WorldsLargestNetwork.com




Scan Your PC for Spyware Free

PC Speed Boost

Create Website Easily

Computer Monitoring Software

Internet Education

Anti Spy Software

Stop Pop Ups

Pop-up Eliminator

Adware Removal

Computer Virus Software

Free Scan Spyware Remover

IT Training

Security Software

Security Solutions

Software Protection

Speed Up PC

Virus Protection

Web Safety

Adware Remover and Spyware Protection

Animated Desktop Characters

Anti Virus Software

Audioexam Study Guides in Mp3 Format

Internet Privacy

Detection Connection

Investigate Anyone or Anything

Password Protection Software

Securing Privacy

Spyware Remover





Best of the Web 1 | Best of the Web 2 | Best of the Web 3 | Best of the Web 4


Worlds Largest Network

Active © WorldsLargestNetwork.com ; All Rights Reserved