Info

Disclosure

Dec 12, 2001

Discovery

Unknown

Dates

Exploit

Dec 22, 2004

Solution

Unknown

Description

A buffer overflow exists in multiple SystemV-based operating systems. The login application fails to validate data received via telnet resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS, Upgrade
Exploit: Exploit Public, Exploit Commercial

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, many vendors have released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

CVE ID: 2001-0797 (see also: NVD)
Milw0rm: 346 57
Exploit Database: 346 57
Bugtraq ID: 3681
CERT VU: 569272
Metasploit ID: 690
Related OSVDB ID: 691
ISS X-Force ID: 7284
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0404.html
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/systemv_login
http://www.securiteam.com/unixfocus/6R0050K5PC.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/690