The “things” I’m talking about are vulnerabilities in AIX’s r-commands and Solaris’ telnet daemon. In case you missed them you can read details here:

• IBM AIX r-commands buffer overflow vulnerability, a brief writeup by CA. This is vulnerability CVE-2007-0670, by the way.
• Solaris Telnet 0day or Embarrassment from the SecuriTeam blog.

Yeah, it’s really 2007 and yeah, these are still turning up. This all seems so familiar … Flashback!

• CERT® Advisory CA-1994-09 /bin/login Vulnerability, the /bin/login hole on AIX and Linux wayyyy back in 1994.
• rlogin(1): The Untold Story, from 1998.

If you haven’t been around the block and stumble across a cache of ancient systems and configurations that haven’t been updated since Desert Storm, I suggest you dust off your copy of Improving the Security of Your Site by Breaking Into it, the Dan Farmer and Wietse Venema classic. Important, dated and all, but still an important piece of reading when it came out.

It’s 2007, we’re all using firewalls, VPNs, and SSH, right? Maybe not. The number of legacy systems and networks out there that have telnet enabled and can’t run SSH is staggering. There is something to be said for the philosophy of “if it aint broke don’t fix it” and all that, but it’s been a long time since we had better alternatives and packet filters to keep out the baddies. What’s scary is these vulnerabilities will undoubtedly affect someone somewhere who forgot that they still have a Solaris print server from 1992 active in a dark corner somewhere, and that it’s reachable from arbitrary locations around the world, and only by telnet.

Go audit your network. Before someone else does. (Oh, we make a system to look at your enterprise network traffic and inventory these sorts of things for you, too, and a whole lot more.)

The answer to the rhetorical question in the title is, obviously, “yes”.

Bookmark/Search this post with:
| | | | | | | |