
Test ID: 1.3.6.1.4.1.25623.1.0.11136
Category: Gain a shell remotely
Title: /bin/login overflow exploitation
Summary: NOSUMMARY
Description:
There is a bug in the remote /bin/login which
allows an attacker to gain a shell on this host without
even sending any shellcode.

An attacker may use this flaw to log in as any user
(except root) on the remote host.

Solution: See http://www.cert.org/advisories/CA-2001-34.html
Risk factor: High

Cross-Ref: BugTraq ID: 3681
BugTraq ID: 5848
Common Vulnerability Exposure (CVE) ID: CVE-2001-0797
AIX APAR: IY26221
http://www-1.ibm.com/support/search.wss?rs=0&q=IY26221&apar=only
http://www.securityfocus.com/bid/3681
Bugtraq: 20011214 Sun Solaris login bug patches out (Google Search)
http://marc.info/?l=bugtraq&m=100844757228307&w=2
Bugtraq: 20011219 Linux distributions and /bin/login overflow (Google Search)
http://www.securityfocus.com/archive/1/246487
Caldera Security Advisory: CSSA-2001-SCO.40
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
http://www.cert.org/advisories/CA-2001-34.html
CERT/CC vulnerability note: VU#569272
http://www.kb.cert.org/vuls/id/569272
ISS Security Advisory: 20011212 Buffer Overflow in /bin/login
http://xforce.iss.net/alerts/advise105.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2025
SGI Security Advisory: 20011201-01-I
ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
Sun Security Bulletin: 00213
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
Sun Bug ID: 4516885
XForce ISS Database: telnet-tab-bo(7284)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7284
Copyright: This script is Copyright (C) 2002 Renaud Deraison

© 1998-2024 E-Soft Inc. All rights reserved.