TELNET: Solaris /bin/login Buffer Overflow
This signature detects attempts to exploit a known vulnerability against the /bin/login executable that ships with Solaris for SPARC and Intel architectures. Attackers can use a Telnet daemon to exploit /bin/login and execute arbitrary code on the host as root.
Extended Description
The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions of 'login' descended from System V UNIX contain a buffer overflow when handling environment variables. Several operating systems such as Solaris/SunOS, HP-UX, AIX, IRIX, and Unixware contain vulnerable versions of 'login'. Unauthenticated clients can exploit this issue to execute arbitrary code as root. On systems where 'login' is installed setuid root, local attackers can elevate privileges.
Affected Products
Cisco pgw2200_pstn_gateway,Sco open_server
Short Name
TELNET:EXPLOIT:SOLARIS-LOGIN-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
TELNET
Keywords
/bin/login Buffer CVE-2001-0797 Overflow Solaris bid:3681
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Sco
Cisco
Ibm
Sun
Hp
Sgi
CVSS Score
10.0