Version: 2008

Comments on: Sun's Solaris 10 at risk of zero-day exploit

Security bugs in Sun Microsystems' telnet service could allow attackers to gain unauthorized access to a system.

Add a Comment (Log in or register) (8 Comments)
  • prev
  • 1
  • next
how interesting...
by jelloburn February 13, 2007 10:37 AM PST
An exploit is found in Solaris and nobody makes a post about how
c|net is biased against Sun and always points out their flaws!?

If this was a Windows exploit, this board would be lit up by people
pointing out Microsoft's foibles and Microsoft supporters
complaining about c|net.

Note this story when an article about a Vista exploit comes out.
Reply to this comment
Let's be honest here....
by ProfessorFry February 13, 2007 10:50 AM PST
Of course no one jumps up. How many Solaris exploits have been found vs. the exploits discovered on Microsoft products on a daily basis? Has nothing to do with supporting one company over the other. But, it has everything to do with the fact that MS makes marginal products that are rife with holes. And before you go on about me being an anti this or that, know that I am XP/Microsoft user and have been for years. Lastly, how long was it before Sun had a fix for this exploit? A day? Let's see Microsoft try that. Oh yeah, they had bug fixes and patches for the LAUNCH day of Vista....
View reply
<gasp> Security holes can exist in non-MS systems?!
by Hoser McMoose February 13, 2007 12:53 PM PST
Going from some of the zealotry that's posted on many Internet forums one might be amazed that, yes in fact, operating systems from companies OTHER than Microsoft can and DO have have security holes. Yup, even such OSes as Solaris and OS X can have 'em.

That being said, anyone using Telnet in this day and age has got to have rocks in their head, it's HUGELY insecure by design! This is a fully unencrypted protocol, even for username and password. No matter how good your server-side protection is it is only a simple matter of network-sniffing somewhere along the chain and you've got full access to a user account. This is a very well known limitation of Telnet (whether it be for Solaris, Windows, Linux or OS X, all of which have built-in Telnet servers, all disabled by default) and it's the reason why everyone with a clue uses SSH instead.
Reply to this comment
Some actual facts about the issue
by tpenta February 13, 2007 4:41 PM PST
Val corrects some misconceptions in the story at http://blogs.sun.com/bubbva/entry/telnet_vulnerability_fud_is_making and I give the outline of what happened to get first interim relief and then final patches out for the problem at http://blogs.sun.com/tpenta/entry/the_in_telnetd_vulnerability_exploit

Alan.
Reply to this comment
Telnet what the heck is that?
by johnnysecure February 14, 2007 8:13 AM PST
I heard my grandpa speak of this protocol when I was a little boy.
Reply to this comment
(8 Comments)
  • prev
  • 1
  • next
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET