SCAN: Core Impact telnetd-login Exploit
This signature detects the CORE Impact penetration testing tool using the Telnetd Login exploit against your network (this exploit is also detected by the signature attack object HIGH:TELNET:EXPLOIT:SUN-TELNETD-OF). Because CORE Impact can chain one infected computer to another, other machines in the network might already be compromised. CORE Impact can be used legitimately to perform a network security audit of your network. However, if a network security audit is not in progress, this signature can indicate that a malicious attacker is using the CORE Impact tool to compromise your network.
Extended Description
The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions of 'login' descended from System V UNIX contain a buffer overflow when handling environment variables. Several operating systems such as Solaris/SunOS, HP-UX, AIX, IRIX, and Unixware contain vulnerable versions of 'login'. Unauthenticated clients can exploit this issue to execute arbitrary code as root. On systems where 'login' is installed setuid root, local attackers can elevate privileges.
Affected Products
Cisco pgw2200_pstn_gateway,Sco open_server
Short Name
SCAN:CORE:TELNETD-LOGIN
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
CVE-2001-0797 Core Exploit Impact bid:3681 telnetd-login
Release Date
12/08/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Rarely
Vendors
Sco
Cisco
Ibm
Sun
Hp
Sgi
CVSS Score
10.0