Skip to content

telnet lessons?

March 3, 2007

That there was a worm that successfully exploited the telnet vulnerability in Solaris 10 running around the Internet and more specifically within Sun last week is not news. Dave pointed out that it would seem to indicate that the reason we don’t normally have worms and viruses running around on Solaris is not due to the lack of interest of writers of such things. Clearly as this week showed they are interested.

The question I have been left pondering is this:

Given that the bug was well reported, patches were made and distributed very quickly, why were there so many hosts that were available to be infected?

Should Solaris hosts download security patches by default? Given that security patches are free it would seem like a good install option to allow.

Tags topic:[solaris] topic:[security] topic:[telnet] topic:[patching]


From → Solaris

One Comment
  1. Brian permalink

    The real question I’m left with is why Solaris still leaves services like telnet or the r* services turned on. Only recently, in Solaris 10 11/06, has Sun even added a limited network services option; even then, it’s not the default.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: