Sun Solaris telnet authentication bypass (SolarisTelnetAuthenticationBypass)

Vuln ID: 32434
Risk Level: High
Platforms: Sun Solaris: 10 SPARC, Sun Solaris: 10 x86
Description:

Sun Solaris could allow a remote attacker to bypass authentication, caused by an error in the telnet daemon (in.telnetd). A remote attacker could send a specially crafted telnet login request to bypass authentication and gain unauthorized access to the system.

Note: Remote root login must be enabled to gain root privileges.

Remedy:

Refer to Sun Alert ID: 102802 for upgrade or suggested workaround information. See References.

False Positives: It is possible that some telnet servers may send some combination of telnet options that cause this check to generate a false positive even though the server is, in fact, not vulnerable.
False Negatives: It is possible that some telnet servers may send some combination of telnet options that cause this check to generate a false negative even though the server is, in fact, vulnerable.
Required Permission:
Additional Information:

References:

US-CERT Vulnerability Note VU#881872
Sun Solaris telnet authentication bypass vulnerability
http://www.kb.cert.org/vuls/id/881872

Full-Disclosure Mailing List, Mon Feb 12 2007 - 16:05:05 CST
Solaris telnet vulnberability - how many on your network?
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0280.html

Sun Microsystems, Inc. Web site
Sun Microsystems
http://www.sun.com/

Full-Disclosure Mailing List, Sat Feb 10 2007 - 22:59:56 CST
"0day was the case that they gave me"
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0218.html

FrSIRT/ADV-2007-0560
Sun Solaris Telnet Daemon Authentication Bypass Remote System Access Vulnerability
http://www.frsirt.com/english/advisories/2007/0560

Sun Alert ID: 102802
Security Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris Host
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1

US-CERT Technical Cyber Security Alert TA07-059A
Sun Solaris Telnet Worm
http://www.us-cert.gov/cas/techalerts/TA07-059A.html

Security Sun Alert Feed, 28 Feb 2007
Solaris in.telnetd worm seen in the wild + inoculation script
http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen

ISS X-Force
Sun Solaris telnet authentication bypass
http://www.iss.net/security_center/static/32434.php

CVE
CVE-2007-0882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0882

