Published: 12/02/2007 Updated: 14/02/2024

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote malicious users to log into certain accounts, as demonstrated by the bin account.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle solaris 11
sun sunos 5.11
sun sunos 5.10
oracle solaris 10

## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Ms ...

## # $Id: fuserrb 9583 2010-06-22 19:11:05Z todb $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploi ...

#!/bin/sh # CLASSIFIED CONFIDENTIAL SOURCE MATERIAL # # *********************ATTENTION******************************** # THIS CODE _MUST NOT_ BE DISCLOSED TO ANY THIRD PARTIES # (C) COPYRIGHT Kingcope, 2007 # ################################################################ echo "" echo "SunOS 510/511 intelnetd Remote Exploit by Kingcope kingcope ...

Solaris offers fix for zero-day vuln

The Register • Gavin Clarke • 01 Mar 2007

Worm turns

Sun Microsystems has urged users to update and secure their Solaris 10 installations after a recently discovered zero-day vulnerability was found in the wild. Sun has posted an online workaround to disable the Solaris 10 telnet service, while advising users to apply patches or protect user accounts using firewalls or IP filtering. "Until patches can be applied, you may wish to block access to the telnet service from untrusted networks such as the internet. Use a firewall or other packet-filterin...

CWE-88 http://isc.sans.org/diary.html?storyid=2220 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 http://www.us-cert.gov/cas/techalerts/TA07-059A.html http://www.kb.cert.org/vuls/id/881872 http://www.securityfocus.com/bid/22512 http://www.securitytracker.com/id?1017625 http://secunia.com/advisories/24120 http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html http://seclists.org/fulldisclosure/2007/Feb/0217.html http://osvdb.org/31881 http://www.vupen.com/english/advisories/2007/0560 https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 http://www.securityfocus.com/archive/1/460103/100/100/threaded http://www.securityfocus.com/archive/1/460086/100/100/threaded http://www.securityfocus.com/archive/1/459980/100/0/threaded http://www.securityfocus.com/archive/1/459855/100/0/threaded http://www.securityfocus.com/archive/1/459843/100/0/threaded http://www.securityfocus.com/archive/1/459831/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/9918/https://www.kb.cert.org/vuls/id/881872

CVE-2007-0882

Vulnerability Summary

Vulnerability Trend

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect