Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×
Sun Microsystems

Submission + - Trivial Remote Exploit on Sun Solaris 10

Jeremy Kister writes: "Errata Security reports about a bug found in the telnet daemon of Solaris 10. From the article:

Basically if you pass a "-fusername" as an argument to the -l option you get full access to the OS as the user specified. In my example I do it as bin but it worked for regular users, just not for root. This combined with a reliable local privilege escalation exploit would be devastating. Expect mass scanning and possibly the widespread exploitation of this vulnerability.
"

When a fellow says, "It ain't the money but the principle of the thing," it's the money. -- Kim Hubbard

Working...