Skip to main content

Another good reason to stop using telnet

There is a major zero day bug announced in solaris 10 and 11 with the telnet and login combination.
It has been verified. 

The issue:
The telnet daemon passes switches directly to the login process which looks for a switch that allows root to login to any account without a password. If your telnet daemon is running as root it allows unauthenticated remote logins.

Telnet should be disabled. Since 1994 the cert.org team has recommended using something other then plain text authentication due to potential network monitoring attacks. http://www.cert.org/advisories/CA-1994-01.html
“We recognize that the only effective long-term solution to prevent these attacks is by not transmitting reusable clear-text passwords on the network.“

If remote shell access is required ssh is a better choice then telnet. We have done articles about securing ssh in the past. http://isc.sans.org/diary.html?storyid=1541

The FIX:
To disable telnet in solaris 10 or 11 this command should work.
svcadm disable telnet

The Mitigations:
Limit your exposure if you must run telnet on your solaris system it is recommend that you use firewall(s) to limit what IP can connect to telnet services.

Change
/etc/default/login add CONSOLE=/dev/console
to limit where root can login from. This only prevents direct access to the root account other accounts can still be compromised.

Another mitigation that works in most cases is this:
inetadm -m svc:/network/telnet:default exec="/usr/sbin/in.telnetd -a user"
Labels:

Comments

Post a Comment

Popular posts from this blog

[AIX] How to restart network service in AIX environment?

When network service like telnet connection hangs, then it is possible the inetd subsystem is not working properly. # refresh -s inetd 0513-095 The request for subsystem refresh was completed successfully. If the refresh hangs for some time and comes back with 0513-056 time out waiting for command response, then the inetd subsystem may not be working correctly and should then be killed nicely. Run #ps -ef | grep inetd and do a kill -15 on the process ID on the line that has /usr/sbin/inetd. Once inetd has been killed, type startsrc -s inetd. If inetd starts, try to telnet into the machine. If inetd does not start up successfully, or if telnet still hangs indefinitely, run kill -15 on the PID of inetd again. Back up the original /etc/inetd.conf file to a new file name by typing: # mv /etc/inetd.conf /etc/inetd.conf.backup The original template is in /usr/lpp/bos.net/inst_root/etc/. You can copy it by typing: # cp /usr/lpp/bos.net/inst_root/etc/inetd.conf /etc/inetd.conf Run start...
Post a Comment
Read more

Configure Link based IPMP in Solaris

For long we used Tracking IP based IPMP wherein we track the availability of a gateway on the network using ICMP Echo request. When the gateway IP fails to respond it is considered link is unavailable and NIC fails over to the standby NIC in the IPMP group. The biggest disadvantage here is that we use 3 IP addresses: 1 for the Virtual IP 1 for the active NIC 1 for the Standby NIC and ofcourse the overhead of the ICMP echo requests sent every seconds. This can be overcome using the Link based IPMP configuration where you only need only IP Address and there is no overhead of ICMP messages and the failover delay is lot lesser than that of the tracking method. And the added advantage of a very simple configuration. To configure Link based IPMP, create the hostname.<int name> files for the Active NIC and the standby NIC. For instance here, we use the bge0 and bge3 NICs as the IPMP pair where bge0 is active and bge3 is standby and hence the files hostname.bge0 and hostname.bge3 . To...
Post a Comment
Read more

Windows Server Backup Step-by-Step Guide for Windows Server 2008

The Windows Server Backup feature provides a basic backup and recovery solution for computers running the Windows Server® 2008 operating system. Windows Server Backup introduces new backup and recovery technology and replaces the previous Windows Backup (Ntbackup.exe) feature that was available with earlier versions of the Windows operating system. What is Windows Server Backup? The Windows Server Backup feature in Windows Server 2008 consists of a Microsoft Management Console (MMC) snap-in and command-line tools that provide a complete solution for your day-to-day backup and recovery needs. You can use four wizards to guide you through running backups and recoveries. You can use Windows Server Backup to back up a full server (all volumes), selected volumes, or the system state. You can recover volumes, folders, files, certain applications, and the system state. And, in case of disasters like hard disk failures, you can perform a system recovery, which will rest...
Post a Comment
Read more