CVE-2007-0882 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0882
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0882

Description: Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/32434 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 ST 1017625 SAID Secunia Advisory: SA24120 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2202 OSVDB 31881 MISC http://isc.sans.org/diary.html?storyid=2220 http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html MILW0RM http://milw0rm.com/exploits/3293 FULLDISC http://seclists.org/fulldisclosure/2007/Feb/0217.html CERT-VN 881872 CERT http://www.us-cert.gov/cas/techalerts/TA07-059A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/460086/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/460103/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/459843/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/459855/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/459831/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/459980/100/0/threaded BID 22512

Return to the previous page.