SAINT CorporationSAINT:18E83290CD59D1D30EDA5FCBB049535ESystem V login argument array buffer overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Added: 03/30/2007
CVE: CVE-2001-0797
BID: 3681
OSVDB: 690
Background
The login program is used by various applications for authentication to the system.
Problem
The login program dervied from System V is affected by a buffer overflow vulnerability when processing a long argument array. A remote attacker could execute arbitrary commands by initiating a telnet or rlogin session with a large number of environment variables.
Resolution
Apply one of the patches referenced in Sun Document ID 00213.
References
<http://www.cert.org/advisories/CA-2001-34.html>
Limitations
Exploit works on Sun SPARC Solaris versions 2.6 (03/98) and 7 (11/99).
Platforms
SunOS / Solaris
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%