[rescue] Solaris 10 Remote-Root Exploit
aewing at gmail.com
Mon Feb 12 17:14:25 CST 2007
On 2/12/07, Jonathan C. Patschke <jp at celestrion.net> wrote:
> If you have any public-facing systems running Solaris's telnetd, you
> should disable it now. Even turning off remote root logins is
> insufficient, since this seems to bypass PAM.

Just a nitpick: according to my own testing (Solaris 10 1/05 as well,
on SPARC), disabling remote root logins actually was successful in
preventing direct superuser takeover, giving the customary "not on
system console" message and dropping the connection.

Of course, a would-be attacker could still use a local exploit after
gaining access to any other system account, as stated in the Riosec

Yeah, telnet sucks.