February 28, 2007 9:53 AM PST

Worm targets Solaris telnet bug

A computer worm is using a recently disclosed flaw in Sun Microsystems' operating system to propagate, experts have warned.

The worm attempts to log into systems running Solaris 10, execute a number of commands to plant itself and then spread to other vulnerable computers, Jose Nazario, a senior software engineer at Arbor Networks, wrote on his company's blog Tuesday. Arbor sells network analysis products.

Sun confirmed the threat Wednesday in an updated alert on its Web site. "There is at least one worm in existence that is making use of this exploit to compromise system integrity," Sun warned.

The company has offered a worm-cleaning tool for affected customers.

The worm takes advantage of a security hole in the Solaris telnet service that was first disclosed earlier this month. The bug could enable attackers to gain unauthorized access to a system without requiring any action on the part of the user. Sun has released a fix for the flaw and urges users to install it.

The SANS Internet Storm Center, which monitors Internet threats, has noticed some increase in activity on the network port used by Solaris' telnet feature, according to an ISC blog posted Tuesday.

"One hopes that there aren't that many publicly reachable Solaris systems running telnet," ISC staffer Joel Esler wrote.

Telnet was one of the first methods devised to allow system administrators to remotely monitor their networks. The service will usually prompt people for their username and password. However, the Solaris bug could allow an attacker to add additional parameters and connect without a username or password.

Systems with telnet disabled are not vulnerable to this attack.

See more CNET content tagged:
Sun Solaris, Sun Microsystems Inc., computer worm, worm, flaw

5 comments

Join the conversation!
Add your comment
Telnet
If anyone is still using telnet then they should expect issues like
this. Its an inherently insecure protocol which is easily replaced
(with additional functionality) with SSH. Since free, well supported,
and well tested SSH implementations exist for most every platform
there is really no reason to maintain telnet service unless some sort
of critical legacy application demands it.
Posted by rapier1 (2722 comments )
Reply Link Flag
Luckily, Solaris share is too small.
I Solaris were as much present these days as NT4 and Window2000 were when their infamous worm stroke, the impact would be as severe.
Posted by alegr (1590 comments )
Reply Link Flag
no one in their right mind uses telnet
No one uses Telnet, that's clear text.... and anyone listening on a network could easily pickup the ID and password.
Posted by RompStar_420 (772 comments )
Link Flag
no one in their right mind uses telnet
No one uses Telnet, that's clear text.... and anyone listening on a network could easily pickup the ID and password.
Posted by RompStar_420 (772 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.