ALARM Group ALERT (ALARM, The Computing Alert System)
Alert Number: 021207-01
Alert Date: 02/12/07
Alert Title: Serious Telnet Vulnerability
Update-to: None
OS/Platform/Application: Solaris 10 and 11
Category: ALERT
Severity: HIGH
Attention: System Administrators, Desktop Support Personnel
Summary: A serious vulnerability exists in the default configuration of the telnet daemon on the Solaris platform, versions 10 and 11. The vulnerability allows for unauthenticated logins and escalation of privileges by using a pair of switches in the telnet login argument.
Recommended Actions: Disable Telnet on the affected platforms. No patch is available. To disable telnet on Solaris 10 or 11, this command should work:

    svcadm disable telnet

However, the service may start up again after this command is issued.
Limit your exposure if you must run telnet on your Solaris system. It is recommended that you use a firewall to limit which IP addresses can connect to your telnet services. Another mitigation strategy that works is this:

    inetadm -m svc:/network/telnet:default exec="/usr/sbin/in.telnetd -a user"
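Because the service may start up again after it is disabled, its state is worth re-checking. The script below is an added example, not part of the original alert: it classifies a host as disabled, mitigated or exposed from the output of svcs and inetadm -l. The function names and the sample inetadm output are constructed for illustration.

```shell
#!/bin/sh
# POSIX sh; on Solaris 10 run with /usr/xpg4/bin/sh or ksh (the legacy /bin/sh lacks ${var#pat}).
FMRI="svc:/network/telnet:default"   # service name as written in the advisory

# Read `inetadm -l` output on stdin and print the value of its exec="..." property.
extract_exec() {
    while IFS= read -r line; do
        case "$line" in
            *exec=\"*) line=${line#*exec=\"}; line=${line%%\"*}
                       printf '%s\n' "$line"; return 0 ;;
        esac
    done
    return 0
}

# classify_telnet STATE EXEC -> disabled | mitigated | exposed | unknown
classify_telnet() {
    case "$1" in
        "")        echo unknown;  return 0 ;;   # svcs gave no answer
        disabled*) echo disabled; return 0 ;;   # trailing * tolerates column padding
    esac
    # Any other SMF state (online, offline, degraded, ...) means the service is enabled.
    case " $2 " in
        *" -a user "*) echo mitigated ;;        # the advisory's exec= workaround is in place
        *)             echo exposed ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_STOCK='SCOPE    NAME=VALUE
         name="telnet"
         exec="/usr/sbin/in.telnetd"
         user="root"'
SAMPLE_FIXED='SCOPE    NAME=VALUE
         name="telnet"
         exec="/usr/sbin/in.telnetd -a user"
         user="root"'

# Live check: only runs where the SMF tools exist.
audit_live() {
    classify_telnet "$(svcs -H -o state "$FMRI" 2>/dev/null)" \
                    "$(inetadm -l "$FMRI" 2>/dev/null | extract_exec)"
}
if command -v svcs >/dev/null 2>&1 && command -v inetadm >/dev/null 2>&1; then
    audit_live
fi
```

Run from cron, a result other than "disabled" or "mitigated" indicates the telnet service has come back in its default configuration.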
ITS Actions: At this time, ITS is blocking telnet sessions on port 23 at the border router. Users trying to telnet into University systems from outside the campus network will not be able to.
Users are advised to use SSH for remote logins.
Resources:
SANS Storm Center Handler's Diary
http://isc.sans.org/diary.html?storyid=2220