CVE-2007-0882

EPSS 97.8%

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 97.8%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado

Lifecycle

11 Feb 2007Public PoC

12 Feb 2007Metasploit module available

12 Feb 2007Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

Affected products

n/a · n/a

public PoCs found — 3

exploitdbwww.exploit-db.com/exploits/9918unverified exploitdbwww.exploit-db.com/exploits/16328unverified exploitdbwww.exploit-db.com/exploits/3293unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html http://isc.sans.org/diary.html?storyid=2220 http://osvdb.org/31881 http://seclists.org/fulldisclosure/2007/Feb/0217.html http://secunia.com/advisories/24120 https://exchange.xforce.ibmcloud.com/vulnerabilities/32434 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2202 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1 http://www.kb.cert.org/vuls/id/881872 http://www.securityfocus.com/archive/1/459831/100/0/threaded http://www.securityfocus.com/archive/1/459843/100/0/threaded http://www.securityfocus.com/archive/1/459855/100/0/threaded