New Search

Security Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris Host

oval:org.mitre.oval:def:2202

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication which allows remote attackers to log into certain accounts as demonstrated by the bin account.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 10
Class:
vulnerability
Reference(s):
  • CVE-2007-0882
Product(s):