Solaris Telnet Login Authentication Bypass

Notification Type: IBM Internet Security Systems Protection Alert
Notification Date: Feb 13, 2007
Notification Version: 1.2
   
Name: Solaris Telnet Login Authentication Bypass
Public disclosure/In the wild date: Feb 11, 2007 (vuln and PoC)
CVE: CVE-2007-0882
Description:

X-Force has been tracking a worm that exploits this issue.  If the telnet daemon is enabled, Sun Solaris could allow a remote attacker to bypass authentication and gain root-level privileges.

 

ISS Coverage

Product | Content Version
Network Sensor 7.0 | 24.56
Proventia A | 24.56
Proventia IPS (G/GX) prior to Firmware Version 1.2 | 24.56
Server Sensor 7.0 | 24.56
Proventia IPS (G/GX) Firmware Version 1.2 or later | 1.95
Proventia Multifunction Appliance | 1.95
Proventia Server (Linux) | 1.95
Proventia Server (Windows) | 1.0.914.1960
Proventia Desktop | x.x.x.1960
RealSecure Desktop 7.0 (AM SP 6.73 or 7.73) | EQB
BlackICE PC Protection 3.6 | CQB
Enterprise Scanner | 1.17
Internet Scanner | 7.2.38

Propagation Techniques | ISS Protection | Available
remote exploit | Telnet_User_Environment_Bypass | Feb 15, 2007

Detection Techniques | ISS Detection | Available
network assessment | solaris-telnet-authentication-bypass | Feb 15, 2007
anomaly detection | solaris-telnet-scanning-possible-worm | Feb 28, 2007

Detailed Description

Business Impact: Gain Access
CVSS: Base Score: 8
  Access Vector: Remote
  Access Complexity: High
  Authentication: Not Required
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete
  Impact Bias: Normal
Adjusted Temporal Score: 7.2
  Exploitability: High
  Remediation Level: Temporary-Fix
  Report Confidence: Confirmed
Affected Products:

Solaris 10

Technical Description:

A flaw in the telnet daemon allows a remote attacker to gain the privileges of a known user account (like root or any other admin account).

A remote attacker could send a specially-crafted telnet login request to bypass authentication and gain unauthorized access to the system.

Remediation instructions: Refer to Sun Alert ID: 102802 for Interim Security Relief (ISR) or suggested workaround information. See References.

References

XFDB:  http://xforce.iss.net/xforce/xfdb/32434 
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1

Revision History

1.0 Initial alert.
1.1 Updated signature and check date.
1.2 Updated CVSS score and added worm information.

