The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon. The **telnetd** program in Solaris 10 and 11 misinterprets **USER** environment variables beginning with "-f", resulting in an authentication bypass vulnerability. A remote attacker could execute arbitrary commands using a standard telnet client program.
Apply one of the patches referenced in Sun Alert 102802.
The exploit works on Solaris 10 and 11. Root access can only be gained if the target system allows non-console superuser access.
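For monitoring hosts that cannot be patched immediately, the following is an added detection example, not code from the advisory or from Sun. It assumes the client supplies USER through the Telnet NEW-ENVIRON subnegotiation (RFC 1572) and flags any USER value that begins with "-"; the function names and sample bytes are constructed for illustration.

```python
IAC, SB, SE, NEW_ENVIRON = 255, 250, 240, 39    # Telnet codes; option 39 is RFC 1572
IS, INFO, VAR, VALUE, ESC, USERVAR = 0, 2, 0, 1, 2, 3  # commands and field markers

def subnegotiations(stream):
    """Yield (option, payload) for each complete IAC SB ... IAC SE block."""
    i = 0
    while i + 2 < len(stream):
        if stream[i] == IAC and stream[i + 1] == SB:
            option, payload, j = stream[i + 2], bytearray(), i + 3
            while j + 1 < len(stream) and stream[j:j + 2] != bytes([IAC, SE]):
                if stream[j] == IAC and stream[j + 1] == IAC:
                    j += 1                      # doubled IAC is one literal 0xFF
                payload.append(stream[j])
                j += 1
            if j + 1 < len(stream):             # stopped on IAC SE, not on truncation
                yield option, bytes(payload)
            i = j + 2
        else:
            i += 2 if stream[i] == IAC else 1   # skip IAC plus its command byte

def environ_vars(payload):
    """Decode an IS/INFO payload into {name: value}, honouring ESC-quoted bytes."""
    pairs, cur, i = [], None, 1
    if payload[:1] not in (bytes([IS]), bytes([INFO])):
        return {}
    while i < len(payload):
        b = payload[i]
        if b in (VAR, USERVAR):                 # start of a new variable name
            pairs.append([bytearray(), bytearray()])
            cur = pairs[-1][0]
        elif b == VALUE and pairs:              # switch from name to value
            cur = pairs[-1][1]
        elif cur is not None:
            if b == ESC and i + 1 < len(payload):
                i += 1                          # next byte is literal data
            cur.append(payload[i])
        i += 1
    return {n.decode("latin-1"): v.decode("latin-1") for n, v in pairs}

def suspicious_user_values(stream):
    """Return USER values that start with '-' and so could be read as an option."""
    users = [environ_vars(p).get("USER", "") for opt, p in subnegotiations(stream)
             if opt == NEW_ENVIRON]
    return [u for u in users if u.startswith("-")]

# Constructed samples (not captured traffic): IAC WILL NEW-ENVIRON, then IAC SB ... IAC SE.
BENIGN = b"\xff\xfb\x27\xff\xfa\x27\x00\x00USER\x01alice\xff\xf0"
FLAGGED = b"\xff\xfb\x27\xff\xfa\x27\x00\x00USER\x01-fexample\xff\xf0"
```

Feed `suspicious_user_values` the client-to-server bytes of a reassembled Telnet session; a non-empty result means the session carried a USER value that a login program could parse as an option.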