March 9, 2007
It did not take long: a worm has been written to exploit the recently announced (Feb 16, 2007) Sun Solaris Telnetd Authentication Bypass vulnerability. The worm, which Sophos calls Froot-A and Symantec calls the Solaris Telnet Worm, allows a trivial break-in to Solaris systems on the network.
Disabling the telnet daemon is recommended, and moving to the exclusive use of ssh will be the long-term practice for the University.
Case is monitoring telnet activity. Please report any issues you experience on your Solaris systems to the Case Help Desk (368-HELP).
Posted by Thomas Siu at 11:17 AM