CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0882

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0800%
EPSS Percentile32.33th
PublishedFeb 12, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

Affected Platforms (CPE)

πŸ’»
Oracle

Solaris

= 10
πŸ’»
Oracle

Solaris

= 11
πŸ’»
Sun

Sunos

= 5.10
πŸ’»
Sun

Sunos

= 5.11

References & Advisories

πŸ”— http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html
πŸ”— http://isc.sans.org/diary.html?storyid=2220
πŸ”— http://osvdb.org/31881
πŸ”— http://seclists.org/fulldisclosure/2007/Feb/0217.html
πŸ”— http://secunia.com/advisories/24120
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1
πŸ”— http://www.kb.cert.org/vuls/id/881872
πŸ”— http://www.securityfocus.com/archive/1/459831/100/0/threaded

Related Vulnerabilities

CVE-1999-056810.0

rpc.admind in Solaris is not running in a secure mode.

CVE-1999-097310.0

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is runn...

CVE-2020-1487110.0

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions tha...

CVE-1999-097410.0

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.