Family: Gain root remotely --> Category: attack
Solaris 10 Telnet Authentication Bypass Vulnerability Scan
Vulnerability Scan Summary : Attempts to log in as -fbin
Detailed Explanation for this Vulnerability Test
Synopsis :
It is possible to log into the remote system using telnet without
supplying any credentials
Description :
The remote version of telnet does not sanitize the user-supplied
'USER' environment variable. By supplying a specially malformed
USER environment variable, an attacker may force the remote
telnet server to believe that the user has already authenticated.
For instance, the following command :
telnet -l '-fbin' targethost
will result in obtaining a shell with the rights of the 'bin'
user.
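The missing sanitization described above, shown as an added example (not code from the original page or from Sun): a simplified model in which a daemon hands the client-supplied USER value to a login program as a command-line argument, with the vulnerable pattern beside a hardened one. The function names, the 32-character limit, the allowed character set and the assumption that login uses a getopt-style parser honouring "--" are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_USER_LEN 32   /* assumed limit for this example */

/* Returns 1 if the client-supplied name may be handed to login, else 0. */
int user_is_safe(const char *user)
{
    size_t len, i;

    if (user == NULL)
        return 0;
    len = strlen(user);
    if (len == 0 || len > MAX_USER_LEN)
        return 0;
    if (user[0] == '-')            /* would be parsed as an option, e.g. -fbin */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Vulnerable pattern: the value is copied into argv unchecked, so a name
 * beginning with '-' reaches login's option parser. Returns argc. */
int build_login_argv_unsafe(const char *user, const char *argv[4])
{
    argv[0] = "login";
    argv[1] = user;
    argv[2] = NULL;
    return 2;
}

/* Hardened pattern: reject unsafe names, and end option parsing with "--"
 * so the name can only be read as an operand. Returns argc, or -1. */
int build_login_argv_safe(const char *user, const char *argv[4])
{
    if (!user_is_safe(user))
        return -1;
    argv[0] = "login";
    argv[1] = "--";
    argv[2] = user;
    argv[3] = NULL;
    return 3;
}
```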
Solution :
Install patches 120068-02 (sparc) or 120069-02 (i386)
which are available from Sun.
Filter incoming traffic to this port or disable the telnet service
and use SSH instead, or use inetadm to mitigate this
problem (see the links below).
See also :
http://lists.sans.org/pipermail/list/2007-February/025935.html
http://isc.sans.org/diary.html?storyid=2220
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)