Blog
Ranjeet Menon

Vulnerability in Sun Solaris Telnet Daemon

February 13, 2007
0
Estimated reading time: 1 minute

Authentication bypass vulnerability in the Sun Solaris telnet daemon (in.telnetd) has been discovered. The Sun Solaris telnet daemon does not properly parse the USER Environment variable before passing it to the login process.

By supplying a specially crafted USER Environment variable over telnet, a remote attacker may be able to bypass authentication to gain access to the system with elevated privileges. We have come to know about public exploit code are available/ posted on some sites.

NOTE : An attacker must have knowledge of a user account other than root to exploit this vulnerability successfully. Additionally, in default Solaris configurations, this vulnerability cannot be used to gain root level access.

We recommend
– Disable Telnet daemon.
– Restrict access to port 23/tcp to trusted hosts only.

More infomation on VU#881872

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image