[ISN] Solaris offers fix for zero-day vuln

From: InfoSec News (alerts@private)
Date: Thu Mar 01 2007 - 00:03:58 PST


By Gavin Clarke in San Francisco
1st March 2007

Sun Microsystems has urged users to update and secure their Solaris 10 
installations after a recently discovered zero-day vulnerability was 
found in the wild.

Sun has posted an online workaround to disable the Solaris 10 telnet 
service, while advising users to apply patches or protect user accounts 
using firewalls or IP filtering.

"Until patches can be applied, you may wish to block access to the 
telnet service from untrusted networks such as the internet. Use a 
firewall or other packet-filtering technology, such as ipfilter, which 
is shipped with Solaris 10, to block the appropriate network ports. 
Consult your vendor or your firewall documentation for detailed 
instructions on how to configure the ports," Sun said.

The warning comes after Sun confirmed the existence of a worm created to 
exploit a recently uncovered vulnerability in the Solaris 10 telnet 
service. The worm was identified by Arbor Networks barely two weeks 
after the Internet Storm Center uncovered the existence of a possible 
threat to Sun's operating system.

Arbor's Jose Nazario blogged on Wednesday: "This morning on ATLAS 
[security service] we saw a pair of hosts scanning for Telnet servers. 
While this may seem like a throwback to days gone by... this is related 
to a recent Solaris bug, specifically, CVE-2007-0882 (the telnet 
"-froot" bug)."

Visit the InfoSec News Security Bookstore!

This archive was generated by hypermail 2.1.3 : Thu Mar 01 2007 - 00:18:40 PST