TELNET: Solaris Telnetd "TTYPROMPT" Buffer Overflow

This signature detects attempts to exploit a known vulnerability against the TELNET daemon that ships with Solaris 8 and earlier. A successful attacker can cause a buffer overflow and remotely gain root access.

Extended Description

The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions of 'login' descended from System V UNIX contain a buffer overflow when handling environment variables. Several operating systems such as Solaris/SunOS, HP-UX, AIX, IRIX, and Unixware contain vulnerable versions of 'login'. Unauthenticated clients can exploit this issue to execute arbitrary code as root. On systems where 'login' is installed setuid root, local attackers can elevate privileges.

Affected Products

Cisco pgw2200_pstn_gateway,Sco open_server

Short Name
TELNET:EXPLOIT:SUN-TELNETD-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
TELNET
Keywords
"TTYPROMPT" Buffer CA-2001-34 CVE-2001-0797 Overflow Solaris Telnetd bid:3681 bid:5531
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3725
False Positive
Unknown
Vendors

Sco

Cisco

Ibm

Sun

Hp

Sgi

CVSS Score

10.0

Found a potential security threat?