Test ID: 1.3.6.1.4.1.25623.1.0.80049
Category: Gain a shell remotely
Title: SysV /bin/login buffer overflow (telnet)
Summary: The remote /bin/login seems to crash when it receives too many environment variables.
Description:
Summary:
The remote /bin/login seems to crash when it receives too many environment
variables.

Vulnerability Impact:
An attacker may use this flaw to gain a root shell on this system.

Solution:
Contact your vendor for a patch (or read the CERT advisory)

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-references:
BugTraq ID: 3681
BugTraq ID: 7481
Common Vulnerability Exposure (CVE) ID: CVE-2001-0797
AIX APAR: IY26221
http://www-1.ibm.com/support/search.wss?rs=0&q=IY26221&apar=only
http://www.securityfocus.com/bid/3681
Bugtraq: 20011214 Sun Solaris login bug patches out
http://marc.info/?l=bugtraq&m=100844757228307&w=2
Bugtraq: 20011219 Linux distributions and /bin/login overflow
http://www.securityfocus.com/archive/1/246487
Caldera Security Advisory: CSSA-2001-SCO.40
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
http://www.cert.org/advisories/CA-2001-34.html
CERT/CC vulnerability note: VU#569272
http://www.kb.cert.org/vuls/id/569272
ISS Security Advisory: 20011212 Buffer Overflow in /bin/login
http://xforce.iss.net/alerts/advise105.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2025
SGI Security Advisory: 20011201-01-I
ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
Sun Security Bulletin: 00213
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
Sun Bug ID: 4516885
XForce ISS Database: telnet-tab-bo(7284)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7284
Copyright: Copyright (C) 2008 Renaud Deraison

© 1998-2024 E-Soft Inc. All rights reserved.