Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1430 |
Message | TELNET Solaris memory mismanagement exploit attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerabilty on a Sun Solaris system. |
Impact | Remote root access. |
Detailed Information | This event is generated when an attempt is made to exploit a known vulnerability in /bin/login when used by telnetd on Sun Solaris sytems. A buffer overflow condition is present in /bin/login used by telnetd that may present an attacker with the opportunity to execute code of their choosing after a sucessful exploit. |
Affected Systems | Sun Solaris 8.x and earlier |
Attack Scenarios | An attacker may utilize one of the available exploit scripts. |
Ease of Attack | Simple. Exploit scripts are publicly available. |
Corrective Action | Consider using Secure Shell instead of telnet. Block inbound telnet access if it is not required. Upgrade to the latest non-affected version of the software Apply the appropriate vendor supplied patches. |
Additional References |
--
DID:145997
--
http://www.aanval.com/