Info

Disclosure

Feb 10, 2007

Discovery

Unknown

Dates

Exploit

Feb 10, 2007

Solution

Feb 13, 2007

Description

Solaris contains a flaw that may allow a malicious user to log in as an arbitrary user. The issue is triggered when a specified command-line option is provided to the in.telnetd daemon. It is possible that the flaw may allow unauthorized login resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial, Exploit Wormified
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability.

Products

Sun Microsystems, Inc.

Solaris

References

Related OSVDB ID: 1007
Security Tracker: 1017625
CVE ID: 2007-0882 (see also: NVD)
Bugtraq ID: 22512
Secunia Advisory ID: 24120
SCIP VulDB ID: 2923
Metasploit ID: 31881
ISS X-Force ID: 32434
Milw0rm: 3293
Exploit Database: 3293
CERT VU: 881872
VUPEN Advisory: ADV-2007-0560
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0231.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0218.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0252.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0254.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0256.html
http://whitestar.linuxbox.org/pipermail/exploits/2007-February/000097.html
Other Advisory URL: http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html
http://www.com-winner.com/0day_was_the_case_that_they_gave_me.pdf
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/solaris_telnetd_auth
Generic Informational URL: http://isc.sans.org/diary.html?storyid=2220
News Article: http://news.com.com/Suns+Solaris+10+at+risk+of+zero-day+exploit/2100-1002_3-6158955.html
http://www.theregister.co.uk/2007/03/01/solaris_security_worm/
Vendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/31881