CVE-2007-0882
Solaris 10/11 Telnet - Remote Authentication Bypass
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
La vulnerabilidad de inyección argumentos en el demonio telnet (in.telnetd) en Solaris versiones 10 y 11 (SunOS versiones 5.10 y 5.11) interpreta erróneamente ciertas secuencias "-f" del cliente como peticiones válidas para que el programa de inicio de sesión omita la autenticación, lo que permite a los atacantes remotos iniciar sesión en ciertas cuentas, como fue demostrado por la cuenta bin.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-02-11 First Exploit
- 2007-02-12 CVE Reserved
- 2007-02-12 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
References (22)
URL | Tag | Source |
---|---|---|
http://osvdb.org/31881 | Broken Link | |
http://seclists.org/fulldisclosure/2007/Feb/0217.html | Mailing List | |
http://www.kb.cert.org/vuls/id/881872 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/459831/100/0/threaded | Broken Link | |
http://www.securityfocus.com/archive/1/459843/100/0/threaded | Broken Link | |
http://www.securityfocus.com/archive/1/459855/100/0/threaded | Broken Link | |
http://www.securityfocus.com/archive/1/459980/100/0/threaded | Broken Link | |
http://www.securityfocus.com/archive/1/460086/100/100/threaded | Broken Link | |
http://www.securityfocus.com/archive/1/460103/100/100/threaded | Broken Link | |
http://www.securityfocus.com/bid/22512 | Broken Link | |
http://www.securitytracker.com/id?1017625 | Broken Link | |
http://www.us-cert.gov/cas/techalerts/TA07-059A.html | Broken Link | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 | Third Party Advisory | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 | Broken Link |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/9918 | 2007-02-12 | |
https://www.exploit-db.com/exploits/16328 | 2010-06-22 | |
https://www.exploit-db.com/exploits/3293 | 2007-02-11 | |
http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html | 2024-08-07 | |
http://isc.sans.org/diary.html?storyid=2220 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/24120 | 2024-02-14 | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 | 2024-02-14 | |
http://www.vupen.com/english/advisories/2007/0560 | 2024-02-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 10 Search vendor "Oracle" for product "Solaris" and version "10" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 11 Search vendor "Oracle" for product "Solaris" and version "11" | - |
Affected
| ||||||
Sun Search vendor "Sun" | Sunos Search vendor "Sun" for product "Sunos" | 5.10 Search vendor "Sun" for product "Sunos" and version "5.10" | - |
Affected
| ||||||
Sun Search vendor "Sun" | Sunos Search vendor "Sun" for product "Sunos" | 5.11 Search vendor "Sun" for product "Sunos" and version "5.11" | - |
Affected
|