CVE-2007-0882

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
References
Link Resource
http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html Exploit Third Party Advisory
http://isc.sans.org/diary.html?storyid=2220 Exploit Third Party Advisory
http://osvdb.org/31881 Broken Link
http://seclists.org/fulldisclosure/2007/Feb/0217.html Mailing List Third Party Advisory
http://secunia.com/advisories/24120 Broken Link Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 Broken Link
http://www.kb.cert.org/vuls/id/881872 Third Party Advisory US Government Resource
http://www.securityfocus.com/archive/1/459831/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/459843/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/459855/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/459980/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/460086/100/100/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/460103/100/100/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/22512 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017625 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-059A.html Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/0560 Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 Broken Link
http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html Exploit Third Party Advisory
http://isc.sans.org/diary.html?storyid=2220 Exploit Third Party Advisory
http://osvdb.org/31881 Broken Link
http://seclists.org/fulldisclosure/2007/Feb/0217.html Mailing List Third Party Advisory
http://secunia.com/advisories/24120 Broken Link Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 Broken Link
http://www.kb.cert.org/vuls/id/881872 Third Party Advisory US Government Resource
http://www.securityfocus.com/archive/1/459831/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/459843/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/459855/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/459980/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/460086/100/100/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/460103/100/100/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/22512 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017625 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-059A.html Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/0560 Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.11:*:*:*:*:*:*:*

History

21 Nov 2024, 00:26

Type Values Removed Values Added
References () http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html - Exploit, Third Party Advisory () http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html - Exploit, Third Party Advisory
References () http://isc.sans.org/diary.html?storyid=2220 - Exploit, Third Party Advisory () http://isc.sans.org/diary.html?storyid=2220 - Exploit, Third Party Advisory
References () http://osvdb.org/31881 - Broken Link () http://osvdb.org/31881 - Broken Link
References () http://seclists.org/fulldisclosure/2007/Feb/0217.html - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2007/Feb/0217.html - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/24120 - Broken Link, Vendor Advisory () http://secunia.com/advisories/24120 - Broken Link, Vendor Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 - Broken Link
References () http://www.kb.cert.org/vuls/id/881872 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/881872 - Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/archive/1/459831/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/459831/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/459843/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/459843/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/459855/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/459855/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/459980/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/459980/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/460086/100/100/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/460086/100/100/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/460103/100/100/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/460103/100/100/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/22512 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/22512 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1017625 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1017625 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA07-059A.html - Broken Link, Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-059A.html - Broken Link, Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2007/0560 - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2007/0560 - Broken Link, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 - Broken Link

14 Feb 2024, 14:56

Type Values Removed Values Added
CPE cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
First Time Oracle solaris
Oracle
CWE CWE-94 CWE-88
References (OSVDB) http://osvdb.org/31881 - (OSVDB) http://osvdb.org/31881 - Broken Link
References (BUGTRAQ) http://www.securityfocus.com/archive/1/460103/100/100/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/460103/100/100/threaded - Broken Link, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/459843/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/459843/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/460086/100/100/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/460086/100/100/threaded - Broken Link, Third Party Advisory, VDB Entry
References (MISC) http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html - (MISC) http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html - Exploit, Third Party Advisory
References (CERT) http://www.us-cert.gov/cas/techalerts/TA07-059A.html - US Government Resource (CERT) http://www.us-cert.gov/cas/techalerts/TA07-059A.html - Broken Link, Third Party Advisory, US Government Resource
References (BID) http://www.securityfocus.com/bid/22512 - (BID) http://www.securityfocus.com/bid/22512 - Broken Link, Third Party Advisory, VDB Entry
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 - Broken Link
References (CERT-VN) http://www.kb.cert.org/vuls/id/881872 - US Government Resource (CERT-VN) http://www.kb.cert.org/vuls/id/881872 - Third Party Advisory, US Government Resource
References (BUGTRAQ) http://www.securityfocus.com/archive/1/459831/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/459831/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/459980/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/459980/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 - Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id?1017625 - (SECTRACK) http://www.securitytracker.com/id?1017625 - Broken Link, Third Party Advisory, VDB Entry
References (VUPEN) http://www.vupen.com/english/advisories/2007/0560 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2007/0560 - Broken Link, Vendor Advisory
References (MISC) http://isc.sans.org/diary.html?storyid=2220 - (MISC) http://isc.sans.org/diary.html?storyid=2220 - Exploit, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2007/Feb/0217.html - (FULLDISC) http://seclists.org/fulldisclosure/2007/Feb/0217.html - Mailing List, Third Party Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/459855/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/459855/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/24120 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/24120 - Broken Link, Vendor Advisory

Information

Published : 2007-02-12 20:28

Updated : 2024-11-21 00:26


NVD link : CVE-2007-0882

Mitre link : CVE-2007-0882

CVE.ORG link : CVE-2007-0882


JSON object : View

Products Affected

sun

  • sunos

oracle

  • solaris
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')