Hi,

Solaris is now Open Source, so you can see for yourself at
http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c?r2=3629&r1=2923
what the problem and its resolution are.

There are also the blogs by Alan Hargreaves from SUN Australia at
http://blogs.sun.com/tpenta/entry/the_in_telnetd_vulnerability_exploit
and by Dan McDonald from SUN at
http://blogs.sun.com/danmcd/entry/how_opensolaris_did_its_job
describing how this vulnerability was first reported, fixed and alerts
and patches provided.

This is a big mistake but I see no reason to think of backdoors and
age-old problems on other OSes any longer. On the contrary I can see the
huge progress SUN has made and is making in regards to security and
openness.

Cheers
Georg Oppenberg

> On Mon, 12 Feb 2007, Oliver Friedrichs wrote:
> >
> > Am I missing something? This vulnerability is close to 10 years old.
> > It was in one of the first versions of Solaris after Sun moved off of
> > the SunOS BSD platform and over to SysV. It has specifically to do with
> > how arguments are processed via getopt() if I recall correctly.
>
> Hey Oliver! :)
>
> Well then, I guess it just became new again. And to be honest, I have to
> agree with a previous poster and suspect (only suspect) it could somehow
> be a backdoor rather than a bug.
>
> The reason why this vulnerability is so critical is the number of networks
> and organizations which rely on Solaris for critical production servers,
> as well as use telnet for internal communication on their LAN (now how
> smart is that? I'd rather use telnet on the Internet than on a local LAN).
>
> Further, there are quite a few third party appliances (some
> infrastructure back-end) that cannot easily be patched running on
> Solaris (forget fuzzing or VA, people never even NMAP appliances they buy).
>
> I am unsure of how long we will see this in to-do items of corporate
> security teams around the world, but I am sure Sun's /8 is getting a lot
> of action recently.
>
> >
> > Oliver
>
> Gadi.