Sun Solaris Telnet Worm
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA07-059A.html
JVNRSS based Status Tracking Notes: A worm is exploiting a vulnerability (VU#881872) in the Sun Solaris telnet daemon (in.telnetd).JVNRSS Feasibility Study Teamjvn@jvn.jpTRTA07-059A2007-03-01T02:55+00:002007-03-01T02:55+00:002007-03-01T02:55+00:00Sun Solaris in.telnetd Worm
http://www.jpcert.or.jp/at/2007/at070007.txt
JPCERT/CCJPCERT-AT-2007-0007http://www.us-cert.gov/cas/techalerts/TA07-059A.htmlhttp://www.kb.cert.org/vuls/id/8818722007-03-01T05:51+00:002007-03-01T05:51+00:002007-03-01T05:51+00:00Sun Solaris Telnet Worm
http://www.us-cert.gov/cas/techalerts/TA07-059A.html
Via US-CERT Mailing List
US-CERTTA07-059Ahttp://www.us-cert.gov/cas/techalerts/TA07-059A.htmlhttp://www.kb.cert.org/vuls/id/8818722007-02-28T19:26-05:002007-02-28T19:26-05:002007-02-28T19:26-05:00Worm Actively Exploits Vulnerability in Sun Solaris Telnet Daemon
http://www.us-cert.gov/current/archive/2007/02/28/archive.html#sunwrmexinet
US-CERT is aware of public reports of a worm that is actively exploiting a known vulnerability in the Sun Solaris telnet daemon (in.telnetd). The worm targets Solaris 10 (SunOS 5.10) systems that are not patched to address this vulnerability and have enabled the telnet daemon.
US-CERThttp://www.us-cert.gov/cas/techalerts/TA07-059A.htmlhttp://www.kb.cert.org/vuls/id/8818722007-02-28T17:00-04:002007-02-28T17:00-04:002007-02-28T17:00-04:00Solaris in.telnetd worm seen in the wild + inoculation script
http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen
Sun Microsystems is aware of an active worm which exploits the in.telnetd vulnerability described in Sun Alert 102802.
Sun Microsystemshttp://www.kb.cert.org/vuls/id/8818722007-02-282007-02-282007-02-28Solaris worm?
http://isc.sans.org/diary.html?storyid=2316
Looks like a netrange over in France is scanning around for port 23. Read the article for further details about the "worm".
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA07-059A.htmlhttp://www.kb.cert.org/vuls/id/8818722007-02-272007-02-272007-02-27Solaris Telnet Login Authentication Bypass
http://www.iss.net/threats/2541.html
Internet Security Systemshttp://xforce.iss.net/xforce/xfdb/32434http://www.us-cert.gov/cas/techalerts/TA07-059A.htmlhttp://www.kb.cert.org/vuls/id/8818722007-02-132007-02-132007-02-13Authentication Bypass Vulnerability in Sun Solaris Telnet Daemon
http://www.us-cert.gov/current/archive/2007/02/12/archive.html#sntlntbyp
US-CERT is aware of an authentication bypass vulnerability in the Sun Solaris telnet daemon (in.telnetd). The Sun Solaris telnet daemon does not properly sanitize the USER Environment variable before passing it to the login process.
US-CERThttp://www.us-cert.gov/cas/techalerts/TA07-059A.htmlhttp://www.kb.cert.org/vuls/id/8818722007-02-12T12:14-05:002007-02-12T12:14-05:002007-02-12T12:14-05:00Sun Solaris telnet authentication bypass vulnerability
http://www.kb.cert.org/vuls/id/881872
A vulnerability in the Sun Solaris telnet daemon (in.telnetd) could allow a remote attacker to log on to the system with elevated privileges.
US-CERTVU#881872http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-08822007-02-12T09:58+00:002007-02-12T09:58+00:002007-02-12T09:58+00:00Another good reason to stop using telnet
http://isc.sans.org/diary.html?storyid=2316
There is a major zero day bug announced in solaris 10 and 11 with the telnet and login combination. It has been verified. In my opinion NOBODY be should running telnet open to the internet. Versions of Solaris 9 and lower do not appear to have this vulnerability.
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA07-059A.htmlhttp://www.kb.cert.org/vuls/id/8818722007-02-122007-02-122007-02-12Security Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris Host
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1
A security vulnerability in the in.telnetd(1M) daemon shipped with Solaris 10 may allow a local or remote unprivileged user who is able to connect to a host using the telnet(1) service to gain unauthorized access to that host by connecting as any user on the system, allowing them to execute arbitrary commands with the privileges of that user. This would include the root user (uid 0) if the host is configured to accept telnet logins as the root user.
Sun MicrosystemsSun Alert 102802http://www.kb.cert.org/vuls/id/8818722007-02-122007-02-122007-02-12Sun Solaris Telnet Remote Authentication Bypass Vulnerability
http://www.securityfocus.com/bid
Vulnerability Proof Of Concept (CVE-2007-0882)
Bugtraqhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-08822007-02-112007-02-112007-02-11KEJKFVI0ff3aMlVcb9/tddldfaE=6ByLDYxZFmUNP4sASDEsWwiAf8k=aM093G+KAil6bXgAfb2rJsi1L0mVOoydHibccSj0Ssigv9mJ40GwTnoF6n94KxZDYHocaYYX7s5K5Qh6UjIX64dmeLFd2ExY+qx6w3d3hzEXCcO/B7mItHcG9PMUOqNg2WC1OtzCiLgMFwQSAFm4LVFRXSIKPmbxIWkEx+6R83c=MIIEJTCCA46gAwIBAgIQH8+x187tRT6w02OJfpsddzANBgkqhkiG9w0BAQUFADCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDAeFw0wNjA2MTMwMDAwMDBaFw0wNzA2MTMyMzU5NTlaMIIBGzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDE0MDIGA1UECxMrRGlnaXRhbCBJRCBDbGFzcyAxIC0gTWljcm9zb2Z0IEZ1bGwgU2VydmljZTEgMB4GA1UEAxQXSlZOUlNTIFJlc2VhcmNoIFByb2plY3QxHzAdBgkqhkiG9w0BCQEWEGp2bnJzc0BpcGEuZ28uanAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANV6POygjjKOFc1uAG/YV5VpW07NCJpI3BGisMqVW8gkbU3Dk6gBCc4owM7r/JDIjJ0XmGUCMTsRCnijdbNnn9VR5tIgMhWC6p0+MeOzNQ0XOXEewfLV0nhd+7K3TgjwXNcWI02xqhv+NtD1BHzcDrkdCkGoxn/g1FgUnyhJ4Ob9AgMBAAGjgbUwgbIwCQYDVR0TBAIwADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9jbGFzczEuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAHv9wR3h5rhh1JXN/2GBxPnBDfHUi9Jn5sfxDXvu88rNJnd4kMOhxNctZVk18/oegHdhHoxsjaNJ6v1xxpF2/u5ARoWT8TwaKnvYWwefupiTS326EY/52RVXwPtep9M02v+S2CwgF3aIKXuF5EuoR2NndxqCRUzns9AJt0qQIwmY