GEN:SID | 1:715 |
Message | TELNET Attempted SU from wrong group |
Summary | This event is generated when a telnet server sends an error message regarding a failed user attempt to issue the 'su' command to get root privileges.
|
Impact | Failed root access. This attack occurs when a user attempts to get root privileges using the su command.
|
Detailed Information | An attacker may attempt to gain root privileges by issuing the su command. This implies that the attacker has successfully connected to the telnet server with an account other than root. A failed attempt will cause an error message to be generated indicating that the user is not a member of an authorized group to obtain root privileges.
|
Affected Systems | All telnet servers.
|
Attack Scenarios | At attacker may attempt to gain root privileges on a telnet server.
|
Ease of Attack | Simple
|
Corrective Action | Use ssh instead of telnet to prevent su passwords from being sniffed.
Tightly restric su access to authorized users.
Block inbound telnet access if it is not required.
|
Additional References | |