QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-0882

Back to search

CVE-2007-0882

Published: Feb 12, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

VendorProductVersions

n/a

n/a

affected
n/a

References

ADV-2007-0560
vdb-entry
x_refsource_VUPEN
VU#881872
third-party-advisory
x_refsource_CERT-VN
oval:org.mitre.oval:def:2202
vdb-entry
signature
x_refsource_OVAL
24120
third-party-advisory
x_refsource_SECUNIA
20070211 "0day was the case that they gave me"
mailing-list
x_refsource_FULLDISC
1017625
vdb-entry
x_refsource_SECTRACK
102802
vendor-advisory
x_refsource_SUNALERT
31881
vdb-entry
x_refsource_OSVDB
22512
vdb-entry
x_refsource_BID
TA07-059A
third-party-advisory
x_refsource_CERT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now