SANS has reported a verifiable zero-day exploit for Solaris 10 and beyond (Nevada et al.). A vulnerability in telnetd can allow attackers to log in without a proper account and password.


Note that in recent releases of Solaris Nevada which are “Secure by default”, telnetd is disabled during installation. Earlier releases have telnet enabled, and it should be disabled in almost all circumstances. The command to disable it is:

# svcadm disable telnet
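
To confirm the change took effect, the following added example (not part of the original post) lists any telnet SMF instance that is not in the `disabled` state and prints the matching `svcadm` command. It assumes the standard Solaris 10 FMRI prefix `svc:/network/telnet:`; the function names and the sample data are constructed for illustration, and the sample is used only when `svcs` is not on the PATH.

```shell
#!/bin/sh
# Added example: audit the SMF state of telnet after "svcadm disable telnet".
# Input format is that of `svcs -H -a -o state,fmri`: state, then FMRI.

# Print the FMRI of every telnet instance whose state is not "disabled".
# Reads svcs-style lines on stdin. Prefix match assumes svc:/network/telnet:
telnet_not_disabled() {
    awk 'index($2, "svc:/network/telnet:") == 1 && $1 != "disabled" { print $2 }'
}

# Constructed sample output, used only when svcs is unavailable.
sample_svcs() {
    cat <<'EOF'
online         svc:/network/ssh:default
online         svc:/network/telnet:default
disabled       svc:/network/ftp:default
EOF
}

# Feed real svcs output (or the constructed sample) through the filter.
audit_telnet() {
    if command -v svcs >/dev/null 2>&1; then
        svcs -H -a -o state,fmri
    else
        echo "svcs not found; using constructed sample data" >&2
        sample_svcs
    fi | telnet_not_disabled
}

# Report findings; returns 1 if any telnet instance still needs disabling.
main() {
    exposed=$(audit_telnet)
    if [ -z "$exposed" ]; then
        echo "telnet: disabled or not installed"
        return 0
    fi
    for fmri in $exposed; do
        echo "telnet instance not disabled: $fmri"
        echo "  fix (as root): svcadm disable $fmri"
    done
    return 1
}

main || echo "action required: disable the instance(s) listed above"
```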


Here is the Information Week article describing the problem and linking to SANS.