Go
back to previous topic |
Forum Name |
"What Does RL Stand For?" |
Topic subject | FYI Solaris Telnet Vulnerability |
Topic
URL | https://forums.carrionfields.com/dcboard.php?az=show_topic&forum=43&topic_id=1003 |
1003, FYI Solaris Telnet Vulnerability
Posted by Tac on Wed 31-Dec-69 07:00 PM
I don't know if it applies to the box CF is on, but here is where I first heard... http://it.slashdot.org/it/07/02/12/1118248.shtml which is of course slashdot. I'm sure you can find more info in the linked article.
|
1004, RE: FYI Solaris Telnet Vulnerability
Posted by Eskelian on Wed 31-Dec-69 07:00 PM
Telnet is a stand alone application similar to SSH. Its not quite the same thing as what CF uses, AFAIK.
|
1005, RE: FYI Solaris Telnet Vulnerability
Posted by Isildur on Wed 31-Dec-69 07:00 PM
Telnet is a protocol, which CF's server implements (to some degree). Like you said, it's not the same as the telnet daemon that comes with Solaris, which is what this bug relates to. However, if that isn't fixed on the machine on which CF runs, then someone could theoretically gain root access and wreak havoc with CF's files. It's really an issue for CF's hosting company, not the staff per se.
|
1006, IIRC
Posted by Tac on Wed 31-Dec-69 07:00 PM
CF owns it's own box, which was originally purchased by Jullias. It's possible that only CF accepts telnet connections, and as such avoids this, but I thought I'd send a heads up either way. I'm sure that IMPS/IMMS connect through ssh or something similar, but telnet is at least marginally open to the internet (via CF) and it might be something to double check. *shrug*
|
1007, RE: FYI Solaris Telnet Vulnerability
Posted by Eskelian on Wed 31-Dec-69 07:00 PM
The duality in meaning is annoying yes.
Telnet is a protocol in general. Its also shorthand for both telnet clients and telnet server applications. IE, Telnet service on windows = telnet. Telnet client that connects to CF? Telnet. Protocol they both use? Telnet. Its like they just got tired of naming things.
Point being though that telnet protocol in general, in reference to using it for remote shells, doesn't do any encryption. So I doubt the CF imms are using it for remote admin.
|