Computer Security

Sun Solaris unauthorized access
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Sun Solaris unauthorized access
updated since 11.02.2007
Published:01.03.2007
Source:FULL-DISCLOSURE
SecurityVulns ID:7211
Type:remote
Level:10/10
Description:User's pasword is not checked in telnet session if F flag is set. On older versions defining TTYPROMPT variable allows unauthorized access with bin group privileges. Vulnerability is used by internet worm.
Affected:SUN : Solaris 2.6
 ORACLE : Solaris 8
 SUN : Solaris 7
 ORACLE : Solaris 10
 ORACLE : Solaris 11
CVE:CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.)
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA07-059A -- Sun Solaris Telnet Worm (01.03.2007)
 documentThierry Zoller, Re[2]: Solaris telnet vulnberability - how many on your network? (22.02.2007)
 documentkingcope_(at)_gmx.net, [Full-disclosure] "0day was the case that they gave me" (11.02.2007)
Files:SunOS 5.10/5.11 in.telnetd Remote Exploit
 “0day was the case that they gave me” - SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru