If you've got Solaris with Telnet running, you could be in for a big surprise. Per SANS' announcement: "If you run Solaris, please check if you got telnet enabled NOW. If you can, block port 23 at your perimeter. There is a fairly trivial Solaris telnet 0-day. telnet -l "-froot" [hostname] will give you root on many Solaris systems with default installs We are still testing. Please use our contact form at https: If you’ve got Solaris with Telnet running, you could be in for a big surprise.Per SANS’ announcement:“If you run Solaris, please check if you got telnet enabled NOW. If you can, block port 23 at your perimeter. There is a fairly trivial Solaris telnet 0-day.telnet -l “-froot” [hostname] will give you root on many Solaris systems with default installs We are still testing. Please use our contact form at https://isc.sans.org/contact.html if you have any details about the use of this exploit.”And I thought the Solaris TTYPROMPT telnet exploit of 2002 was easy. ———–Johannes Ullrich http://isc.sans.orgUpdate (2/12/07):By default the root user cannot telnet to a Solaris box. Root is often prevented from remotely connecting to Unix/Linux boxes in an attempt to prevent some exploits. If root is intentionally prevented from connecting remotely to a box, the admin normally telnets in as another regular user, logs in, and then su’s to root. This new exploit should be prevented in default install scenarios (unless admins have commented out the default root blocking text…as many admins do). In those cases, you would need to run the exploit using another valid account (i.e. fbin) with logon privileges instead of froot. Essentially, this means that the exploit is still pretty scary, and pretty easy to pull off. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe