JPCERT-AT-2007-0007 JPCERT/CC March 1, 2007 <<< JPCERT/CC Alert 2007-03-01 >>> Sun Solaris in.telnetd Worm http://www.jpcert.or.jp/at/2007/at070007.txt I. Overview Sun Solaris in.telnetd contains an authentication vulnerability. According to the information from Sun Microsystems, this vulnerability has already been exploited by a worm to spread. II. Systems Affected According to Sun Microsystems, the following systems are affected by the vulnerability in in.telnetd: SPARC Platform Solaris 10 without patch 120068-02 x86 Platform Solaris 10 without patch 120069-02 For more information, contact the vendor. III. Solution To fix this problem, apply the patch provided by Sun Microsystems or stop telnet services. For more information, refer to the advisories and other information released by Sun Microsystems. IV. Reference Information JP Vendor Status Notes JVNTA07-059A Sun Solaris Telnet Worm http://jvn.jp/cert/JVNTA07-059A/index.html Sun Alert Notification #102802: Security Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris Host http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 Sun Microsystems is aware of an active worm which exploits the in.telnetd vulnerability described in Sun Alert http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen US-CERT Technical Cyber Security Alert TA07-059A Sun Solaris Telnet Worm http://www.us-cert.gov/cas/techalerts/TA07-059A.html US-CERT Vulnerability Note VU#881872 Sun Solaris telnet authentication bypass vulnerability http://www.kb.cert.org/vuls/id/881872 If you have any information regarding this matter, please contact us. ====================================================================== JPCERT Coordination Center (JPCERT/CC) TEL: 03-3518-4600 FAX: 03-3518-4602 http://www.jpcert.or.jp/