Sun Strikes Back at Worm Targeting Telnet Bug

Updated: Sun Microsystems crafts an inoculation script to help computers infected with a worm that is exploiting a recently patched vulnerability in its Solaris 10 operating system.

Sun Microsystems has issued an inoculation script for a worm exploiting a recently patched vulnerability in its Solaris 10 operating system.

The worm exploits a flaw in Suns Telnet service that was uncovered earlier in February. The bug gives an attacker unauthorized remote access to the system by circumventing the log-in process.

/zimages/4/28571.gifSuns CEO says the company is ready to grow in the "Participation Age." Click here to read more.

"The worm attempts to log in to your systems as the users lp or adm and execute a bunch of shell commands," Jose Nazario of Arbor Networks, based in Lexington, Mass., posted Feb. 28 on the companys blog.

If the attack is successfully launched, the hacker would gain the users privileges on the system.

/zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Andrew Storms, director of IT at nCircle Network Security, in San Francisco, said few businesses need to be concerned with the worm, but college campuses may be susceptible.

"From an enterprise perspective, most people seem to find humor in this vulnerability," he said. "Telnet simply isnt something used anymore, and disabling the daemon is right near the top of anyones security checklist. In fact, I cant think of any modern operating system in the last 5 years that has the Telnet daemon on by default."

"If the worm were to have any potential," he continued, "it will be in academia. Many campuses still permit Telnet. The best defense if you do run Telnet is to begin with discovery. Youll want to determine every system running Telnet and next prune that list down to Solaris systems, then patch them quickly."

The inoculation script can be run locally on an infected system as the root user, to remove the worm and prevent reinfection by disabling the Telnet service.

Sun has issued patches for the bug for users running Solaris 10 on the SPARC Platform and the x86 Platform.

Editors Note: This story was updated to include additional analyst comments.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.