Sun Solaris Telnet Remote Authentication Bypass Vulnerability

Sun Solaris 10 is prone to a vulnerability that allows remote attackers to bypass authentication.

Successfully exploiting this issue allows remote attackers to gain remote access to vulnerable computers. If the targeted computer is configured to allow non-console logins for superusers, then remote superuser access is possible.

Update: By exploiting the same underlying flaw, attackers may pass other arguments to the 'login' program, potentially allowing them to bypass other security restrictions. Attackers may potentially bypass the console-only requirement for superuser logins.


 

Privacy Statement
Copyright 2010, SecurityFocus