Added: 02/16/2007
CVE: CVE-2007-0882
BID: 22512
OSVDB: 31881
The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, **telnetd**
.
The **telnetd**
program in Solaris 10 and 11 misinterprets **USER**
environment variables beginning with “-f”, resulting in an authentication bypass vulnerability. A remote attacker could execute arbitrary commands using a standard telnet client program.
Apply one of the patches referenced in Sun Alert 102802.
<http://secunia.com/advisories/24120>
<http://www.kb.cert.org/vuls/id/881872>
Exploit works on Solaris 10 and 11. Root access can only be gained if the target system allows non-console superuser access.
SunOS