Vulnerability Details

Sun Solaris Telnet Service Remote Authentication Bypass Vulnerability

Vulnerability Summary

Solaris is a commercial UNIX operating system developed and maintained by Sun. The TELNET service in Solaris 10 is vulnerable in its handling of malformed authentication data; a remote attacker could exploit this to bypass authentication and gain access. The Solaris 10 telnet daemon passes user-supplied, possibly malformed parameters directly to the login process without checking them, and the login process then performs an unintended user-identity switch. This may allow a user to log in to the system without a password with the privileges of certain privileged accounts, gaining full system access; if the system does not restrict where the root user may log in from, obtaining root access is also possible. This vulnerability is currently being actively exploited.

Vulnerability Bulletin

The vendor has released an upgrade patch to fix this security issue. Patch download link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102802-1

References

Source: US-CERT  Name: TA07-059A  Link: http://www.us-cert.gov/cas/techalerts/TA07-059A.html
Source: US-CERT  Name: VU#881872  Link: http://www.kb.cert.org/vuls/id/881872
Source: XF  Name: solaris-telnet-authentication-bypass(32434)  Link: http://xforce.iss.net/xforce/xfdb/32434
Source: SECTRACK  Name: 1017625  Link: http://www.securitytracker.com/id?1017625
Source: BID  Name: 22512  Link: http://www.securityfocus.com/bid/22512
Source: BUGTRAQ  Name: 20070214 RE: [Full-disclosure] Solaris telnet vulnberability - how many on your network?  Link: http://www.securityfocus.com/archive/1/archive/1/460103/100/100/threaded
Source: BUGTRAQ  Name: 20070214 Solaris telnet vuln solutions digest and network risks  Link: http://www.securityfocus.com/archive/1/archive/1/460086/100/100/threaded
Source: BUGTRAQ  Name: 20070213 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on your network?  Link: http://www.securityfocus.com/archive/1/archive/1/459980/100/0/threaded
Source: BUGTRAQ  Name: 20070212 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on your network?  Link: http://www.securityfocus.com/archive/1/archive/1/459855/100/0/threaded
Source: BUGTRAQ  Name: 20070212 Solaris telnet vulnberability - how many on your network?  Link: http://www.securityfocus.com/archive/1/archive/1/459843/100/0/threaded
Source: BUGTRAQ  Name: 20070212 Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?  Link: http://www.securityfocus.com/archive/1/archive/1/459831/100/0/threaded
Source: MILW0RM  Name: 3293  Link: http://www.milw0rm.com/exploits/3293
Source: VUPEN  Name: ADV-2007-0560  Link: http://www.frsirt.com/english/advisories/2007/0560
Source: SUNALERT  Name: 102802  Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1
Source: SECUNIA  Name: 24120  Link: http://secunia.com/advisories/24120
Source: FULLDISC  Name: 20070211 "0day was the case that they gave me"  Link: http://seclists.org/fulldisclosure/2007/Feb/0217.html
Source: OSVDB  Name: 31881  Link: http://osvdb.org/31881
Source: MILW0RM  Name: 3293  Link: http://milw0rm.com/exploits/3293
Source: MISC  Link: http://isc.sans.org/diary.html?storyid=2220
Source: MISC  Link: http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html
Source: US Government Resource: oval:org.mitre.oval:def:2202  Name: oval:org.mitre.oval:def:2202  Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2202

Patch

    None listed
