SunOS 4.1.1 and earlier versions of the in.telnetd software allow local users to gain root privileges by exploiting a vulnerability in the telnet protocol. This could potentially lead to unauthorized access to sensitive system resources.
SunOS 4.1.1 and earlier versions of the in.telnetd software allow local users to gain root privileges by exploiting a vulnerability in the telnet protocol. This could potentially lead to unauthorized access to sensitive system resources.
You're affected if you use SunOS version 4.1.1 or earlier. Check with: telnet -v (to see if the version is 4.1.1) or uname -a | grep sunos (to check for the operating system).
Note: This vulnerability does not affect modern Unix-like systems, including Linux and macOS.
Patch: Download the patch from http://www.cert.org/advisories/CA-1991-02.html.
- Immediate mitigations:
- Restrict root access to sensitive resources (e.g., /etc/passwd).
- Monitor for suspicious login attempts.