Telnet is a command-line network protocol that can be used on intranets and the internet. It was one of the early internet standards but has fallen into disuse owing to its limited security.
The flaw allows any user who accesses the Telnet service of an affected system to gain unauthorised access and execute commands with the same privileges as local users.
If a system is configured to allow root access through Telnet, the attacker will receive the same root-level privileges.
Users can protect themselves against the vulnerability by disabling all Telnet traffic within Solaris or by blocking port 23 on their firewalls.
If Telnet access is required, users can also change the software's settings to prevent attackers from gaining root access.
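As an added example (not from the article or from Sun), the shell functions below check a host for the two conditions behind these mitigations: whether the Telnet service is online and whether root logins are confined to the console. The SMF service name `svc:/network/telnet:default`, the `svcs` invocation and the `CONSOLE=` line in `/etc/default/login` are assumptions about a Solaris 10 host, and the sample input is constructed.

```shell
#!/bin/sh
# Added example; the SMF service name and the CONSOLE= setting are assumptions
# about a Solaris 10 host, not details given in the article.
# On a real host:
#   audit "$(svcs -H -o state,fmri network/telnet)" /etc/default/login

# 0 if the file has an uncommented, non-empty CONSOLE= line (root is then
# limited to that device), 1 if not, 2 if the file cannot be read.
root_login_restricted() {
    [ -r "$1" ] || return 2
    awk -F= '/^[ \t]*#/ { next }
             $1 ~ /^[ \t]*CONSOLE[ \t]*$/ && $2 != "" { ok = 1 }
             END { exit !ok }' "$1"
}

# Reads "state fmri" lines on stdin; 0 if the telnet service is online.
telnet_enabled() {
    awk '$1 == "online" && $2 ~ /^svc:\/network\/telnet:/ { on = 1 }
         END { exit !on }'
}

# Prints one line per finding and returns the number of findings.
audit() {
    findings=0
    if printf '%s\n' "$1" | telnet_enabled; then
        echo "FINDING: telnet is online; disable it or block port 23"
        findings=$((findings + 1))
        if ! root_login_restricted "$2"; then
            echo "FINDING: root may log in over telnet (no CONSOLE= in $2)"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Constructed sample: telnet online, CONSOLE commented out.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#CONSOLE=/dev/console' 'PASSREQ=YES' > "$tmp"
    audit 'online svc:/network/telnet:default' "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```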
Sun engineer Alan Hargreaves, who investigated the bug for the vendor, wrote on his blog: "Let me acknowledge that, yes, this was an almighty cock up and should not have happened. It did happen. Let's move on."
He added that a patch is under development and will be released shortly.