[Ma-linux] Two Sun Announcements
Timothy Ball
timball at tux.org
Tue Feb 13 13:09:31 EST 2007
On Tue, Feb 13, 2007 at 11:12:55AM -0500, Harry J. Foxwell wrote:
> ** PLEASE SHARE THIS INFORMATION WITH YOUR OPEN SOURCE COLLEAGUES **
>
> February 13, 2007
>
> Sun Microsystems Federal, Inc. announces two events of interest to the
> open source community in the Washington DC area:
>
You forgot sun's REALLY big announcement:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1
--snip--snip--snip--
Description Top
Sun(sm) Alert Notification
* Sun Alert ID: 102802
* Synopsis: Security Vulnerability in the in.telnetd(1M) Daemon May
* Allow Unauthorized Remote Users to Gain Access to a Solaris Host
* Category: Security
*
Product: Solaris 10 Operating System
* BugIDs: 6523815
* Avoidance: Binary, Workaround
* State: Workaround
* Date Released: 12-Feb-2007
* Date Closed:
* Date Modified: 13-Feb-2007
1. Impact
A security vulnerability in the in.telnetd(1M) daemon shipped with
Solaris 10 may allow a local or remote unprivileged user who is able to
connect to a host using the telnet(1) service to gain unauthorized
access to that host by connecting as any user on the system, allowing
them to execute arbitrary commands with the privileges of that user.
This would include the root user (uid 0) if the host is configured to
accept telnet logins as the root user.
This issue is described in the following document:
http://www.kb.cert.org/vuls/id/881872
--snip--snip--snip--
--timball
--
GPG key available on pgpkeys.mit.edu
pub 1024D/511FBD54 2001-07-23 Timothy Lu Hu Ball <timball at tux.org>
Key fingerprint = B579 29B0 F6C8 C7AA 3840 E053 FE02 BB97 511F BD54
More information about the Ma-linux
mailing list