[rescue] Solaris 10 Remote-Root Exploit

der Mouse mouse at Rodents.Montreal.QC.CA
Wed Feb 14 11:18:33 CST 2007

>> And I've just checked and my telnetd is not vulnerable.  Most of the
>> scanning activity is attempted exploits against my sshd anyway.
> All telnetd are vulnerable to clear-text password interception.

Not true; telnet can be Kerberized, and I think it can be TLSed as
well.  And even those aside, nothing says that a clear-text password is
the authentication/authorization method in use; nobody can intercept
something that isn't sent.  (What else could it be?  SecurID is the
first example that comes to mind.  And in some uses, there may be no
auth{entic,oriz}ation info involved at all, as when using telnet to
export something to the world.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse at rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

More information about the rescue mailing list