Published: 2007-03-01T02:55+00:00
Last Updated: 2007-03-01T02:55+00:00
TRTA07-059A
Sun Solaris Telnet Worm
Overview
A worm is exploiting a vulnerability (VU#881872) in the Sun Solaris telnet daemon (in.telnetd).
Event Information
| Date (UTC) | Description |
| 2007-03-01 05:51 |
JPCERT/CC JPCERT-AT-2007-0007: Sun Solaris in.telnetd Worm |
| 2007-03-01 00:26 |
US-CERT TA07-059A: Sun Solaris Telnet Worm Via US-CERT Mailing List |
| 2007-02-28 21:00 |
US-CERT Worm Actively Exploits Vulnerability in Sun Solaris Telnet Daemon US-CERT is aware of public reports of a worm that is actively exploiting a known vulnerability in the Sun Solaris telnet daemon (in.telnetd). The worm targets Solaris 10 (SunOS 5.10) systems that are not patched to address this vulnerability and have enabled the telnet daemon. |
| 2007-02-28 |
Sun Microsystems Solaris in.telnetd worm seen in the wild + inoculation script Sun Microsystems is aware of an active worm which exploits the in.telnetd vulnerability described in Sun Alert 102802. |
| 2007-02-27 |
SANS Internet Storm Center Solaris worm? Looks like a netrange over in France is scanning around for port 23. Read the article for further details about the "worm". |
| 2007-02-13 |
Internet Security Systems Solaris Telnet Login Authentication Bypass |
| 2007-02-12 17:14 |
US-CERT Authentication Bypass Vulnerability in Sun Solaris Telnet Daemon US-CERT is aware of an authentication bypass vulnerability in the Sun Solaris telnet daemon (in.telnetd). The Sun Solaris telnet daemon does not properly sanitize the USER Environment variable before passing it to the login process. |
| 2007-02-12 09:58 |
US-CERT VU#881872: Sun Solaris telnet authentication bypass vulnerability A vulnerability in the Sun Solaris telnet daemon (in.telnetd) could allow a remote attacker to log on to the system with elevated privileges. |
| 2007-02-12 |
SANS Internet Storm Center Another good reason to stop using telnet There is a major zero day bug announced in solaris 10 and 11 with the telnet and login combination. It has been verified. In my opinion NOBODY be should running telnet open to the internet. Versions of Solaris 9 and lower do not appear to have this vulnerability. |
| 2007-02-12 |
Sun Microsystems Sun Alert 102802: Security Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris Host A security vulnerability in the in.telnetd(1M) daemon shipped with Solaris 10 may allow a local or remote unprivileged user who is able to connect to a host using the telnet(1) service to gain unauthorized access to that host by connecting as any user on the system, allowing them to execute arbitrary commands with the privileges of that user. This would include the root user (uid 0) if the host is configured to accept telnet logins as the root user. |
| 2007-02-11 |
Bugtraq Sun Solaris Telnet Remote Authentication Bypass Vulnerability Vulnerability Proof Of Concept (CVE-2007-0882) |