Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Zero-day flaw in Solaris allows remote attacks

By Jeremy Kirk , IDG News Service , 02/12/2007
Newsletter Signup
  • Share/Email
  • Tweet This
  • Comment
  • Print

Security experts are warning of a zero-day vulnerability with Sun's Solaris 10 and 11 OSes.

Exploit code has been posted on the Internet, and no special tools are required to take advantage of it, according to an advisory from the SANS Institute.

The Vector Approach to Data Center Power Planning: Download now

The problem lies within Telnet, a networking protocol. The Telnet daemon -- a process that runs in the background and waits for another Telnet client to connect -- can allow a hacker to log in without a password.

SANS suggests a couple of solutions: disable Telnet or limit the IP addresses that can connect to Telnet through the firewall.

Related Content

In the past, SANS has warned that using Telnet poses a risk, because data transferred between clients may not be encrypted. Telnet is also a frequent target for port scanners.

"In my opinion, no one should be running Telnet open to the Internet," wrote Donald Smith of SANS.

The IDG News Service is a Network World affiliate.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed