The fix comes just exploit code for the zero-day vulnerability was posted to a security Web site. "Big round of applause for Sun owning up to the mistake and fixing it quickly," said Dave Maynor, chief technology officer at Atlanta-based Errata Security, in .
A Sun security researcher owned up to the foul-up of leaving Telnet vulnerable.
"Yes, this was an almighty [mess] up and should not have happened," Alan Hargreaves, an engineer in Sun's support group who wrote the initial patch, said . "It did happen. Let's move on."
Although Hargreaves' patch fixed the bug, security organizations, including US-CERT and Errata Security, recommended that Solaris users also disable the Telnet daemon -- or if they've turned it off, leave it off -- using the command: # svcadm disable svc:/network/telnet:default.
The patch can be downloaded from Sun's .