A serious flaw has been discovered in the normally low-profile Solaris. SANS has confirmed that the flaw has been verified; it is a bug in telnet that could allow someone to compromise a server using the software. It affects both versions 10 and 11 and is Solaris-specific. While no known systems have yet been taken down because of it, it is serious nevertheless because of the implications it could have for the many businesses using Solaris servers. The ISC raised a good point regarding the flaw: the inherently insecure Telnet is very outdated and should not be used anymore:
Ullrich and other researchers at the Internet Storm Center are warning users to not use Telnet anymore -- on any system. "It's archaic at this point," says Ullrich. "Never use Telnet to log in to a system. Use SSH instead. There's just no reason to use Telnet. I don't know why they keep it enabled. They really shouldn't."
Blocking access to telnet would prevent this flaw from being exploited, though many companies still rely on it. You can read the SANS notification on it here.