Alarm Sounded Over Zero-Day Threat to Solaris
The telnet application of Solaris 10 was found to have a major flaw that could be exploited easily, security experts divulged. Meanwhile, the exploit code was also posted publicly.
The vulnerability, dubbed a "major zero day bug" by the SANS Institute on its website on 12 February 2007, gives attackers easy remote access to computers that run Solaris 10. The real problem lies in the way Telnet, one of the network protocols, uses parameters in the authentication process, said Johannes Ullrich, chief research officer with the SANS Institute, according to reports from TechWeb.
Ullrich added that if a "trick" or plain text were added to the telnet command, the system would skip asking for the username and password. There is no need to download the exploits. Every Solaris 10 and 11 system is in jeopardy. Systems installed out of the box come with Telnet enabled automatically.
Telnet is a program from the 1970s that lets users log into a computer remotely. It is generally disabled because the username and password are transmitted unencrypted. However, although the program has already been widely abandoned, Sun continues to ship its Solaris 10 OS with both the Telnet client and server programs.
The flaw is easily exploitable through standard Telnet commands, which increases the severity of the exposure, Symantec Corp. warned in an e-mail to customers of its DeepSight threat-management service. The warning further notes that no associated advisory was issued prior to the release of this exploit. It is therefore believed to have been hastily exploited before the release.
Experts have suggested two solutions for this problem: either Telnet should be disabled, or the IP addresses that may connect to the program should be limited through a firewall. In the past, they have also warned that using Telnet poses a risk because the data transferred among clients is unencrypted. Port scanners have also frequently targeted Telnet.
Sun has been able to verify the flaw and is now testing the fix. Telnet is disabled by default in Solaris 10, and users would have to follow a sequence of steps to enable it, and even more to allow it to manage root privileges. Sun has recommended Solaris SecureShell as a more secure alternative to telnet.
» SPAMfighter News - 15-02-2007