GEN:SID | 1:1430 |
Message | TELNET Solaris memory mismanagement exploit attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerabilty on a Sun Solaris system.
|
Impact | Remote root access.
|
Detailed Information | This event is generated when an attempt is made to exploit a known vulnerability in /bin/login when used by telnetd on Sun Solaris sytems. A buffer overflow condition is present in /bin/login used by telnetd that may present an attacker with the opportunity to execute code of their choosing after a sucessful exploit.
|
Affected Systems | Sun Solaris 8.x and earlier
|
Attack Scenarios | An attacker may utilize one of the available exploit scripts.
|
Ease of Attack | Simple. Exploit scripts are publicly available.
|
Corrective Action | Consider using Secure Shell instead of telnet.
Block inbound telnet access if it is not required.
Upgrade to the latest non-affected version of the software
Apply the appropriate vendor supplied patches.
|
Additional References | |