The login program is used by various applications for authentication to the system.
The login program dervied from System V is affected by a buffer overflow vulnerability when processing a long argument array. A remote attacker could execute arbitrary commands by initiating a telnet or rlogin session with a large number of environment variables.
Apply one of the patches referenced in Sun Document ID 00213.
Exploit works on Sun SPARC Solaris versions 2.6 (03/98) and 7 (11/99).
SunOS / Solaris