Sun Microsystems' Solaris 10 operating system has been hit by an unpatched vulnerability in its telnet service, the server and software vendor warned.
Telnet is a command-prompt-controlled network protocol that can be used on intranets and the internet. It was one of the early internet standards but has fallen into disuse because of its limited security.
The flaw allows any user who accesses the telnet service on an affected system to gain unauthorized access and execute commands with the same privileges as local users. If a system is configured to allow root access through telnet, the attacker will gain root-level access.
Users can protect themselves against the vulnerability by disabling all telnet traffic within Solaris or by blocking port 23 on their firewalls. If telnet access is required, they can also change the software's settings to prevent attackers from gaining root access.
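The following audit helper is an added example, not code from Sun or from the original article, and checks the two host-side mitigations described above. It assumes a POSIX shell, the Solaris 10 SMF service name `svc:/network/telnet:default`, and that root login is restricted through a `CONSOLE=` entry in `/etc/default/login`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the telnet mitigations on a Solaris 10 host.
# Assumed names: SMF service svc:/network/telnet:default and the
# CONSOLE= setting in /etc/default/login. Function names are hypothetical.

# Return 0 if the login defaults file has an active (uncommented) CONSOLE=
# entry, which limits root logins to that device; 2 if the file is unreadable.
root_login_restricted() {
    file=$1
    [ -r "$file" ] || return 2
    grep '^CONSOLE=.' "$file" >/dev/null 2>&1
}

# Read `svcs -H -o state,fmri` output on stdin and print the telnet
# service state, or "absent" if no telnet instance is listed.
telnet_state() {
    awk '$2 ~ /^svc:\/network\/telnet:/ { print $1; found = 1 }
         END { if (!found) print "absent" }'
}

# Print one finding for the given service state and login defaults file.
# Returns 0 when telnet is not running, 1 when it is reachable.
audit_telnet() {
    state=$1
    login_file=$2
    case $state in
        disabled|absent)
            echo "OK: telnet service is $state"
            return 0 ;;
    esac
    if root_login_restricted "$login_file"; then
        echo "WARN: telnet is $state; root login limited to console"
    else
        echo "HIGH: telnet is $state and root may log in over the network"
    fi
    return 1
}

# Usage on a live host:
#   audit_telnet "$(svcs -H -o state,fmri | telnet_state)" /etc/default/login
```

A `WARN` result still leaves non-root accounts exposed, so disabling the service or blocking port 23 remains the stronger of the mitigations listed.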
Danish security website Secunia rated the vulnerability as "moderately critical", its third-highest severity level on a five-step scale.
Sun Microsystems engineer Alan Hargreaves, who investigated the bug for the vendor, apologized on his blog.
"Let me acknowledge that, yes, this was an almighty cock up and should not have happened. It did happen. Let's move on," Hargreaves wrote.
He added that a patch is under development and will be released shortly.