TELNET: Exploit resolv_host_conf
This signature detects attempts to exploit a vulnerability in TELNET that allows remote clients to specify environment variables. Attackers can place a shared object containing executable code on the system, set this object (library) as their RESOLV_HOST_CONF environment variable, and open a TELNET connection with the target host. When TELNET executes the /bin/login during user authentication, the dynamic linker loads the library listed in the RESOLV_HOST_CONF, thus bypassing normal system libraries and allowing the attacker to execute code as root.
Extended Description
Remote attackers could exploit this vulnerability to crash an affected system or read confidential information.
References
URL: http://www.networkice.com/Advice/Intrusions/2000909/default.htm
Short Name
TELNET:EXPLOIT:RESOLV-HOST-CONF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
TELNET
Keywords
Exploit resolv_host_conf
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown