CVE-2007-0882

Vulnerability Description

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.htmlExploitThird Party Advisory
• http://isc.sans.org/diary.html?storyid=2220ExploitThird Party Advisory
• http://osvdb.org/31881Broken Link
• http://seclists.org/fulldisclosure/2007/Feb/0217.htmlMailing ListThird Party Advisory
• http://secunia.com/advisories/24120Broken LinkVendor Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1Broken Link
• http://www.kb.cert.org/vuls/id/881872Third Party AdvisoryUS Government Resource
• http://www.securityfocus.com/archive/1/459831/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/archive/1/459843/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/archive/1/459855/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/archive/1/459980/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/archive/1/460086/100/100/threadedBroken LinkThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/archive/1/460103/100/100/threadedBroken LinkThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/bid/22512Broken LinkThird Party AdvisoryVDB Entry
• http://www.securitytracker.com/id?1017625Broken LinkThird Party AdvisoryVDB Entry