The Solaris Telnetd exploit

Some informations about the exploit:

  1. Only Solaris 10 and Nevada are vulnerable
  2. Patches are on the fast lane through the processes.
  3. You will find the T-Patches here. I tend to think, that when your system will be owned by someone via this attack vector, it´s largely your fault. Okay, the bug is one of the class the programmer should wear a brown paper bag over his oder her head for the rest of it´s biological life. But you don´t use telnet nowadays, you don´t login via root to your system directly, you don´t use unencrypted mechanisms to remote control your system. It´s a security best practice since years: Switch off telnet, use ssh, no direct remote root login.