System V login argument array buffer overflow
Added: 03/30/2007CVE: CVE-2001-0797
BID: 3681
OSVDB: 690
|
|
|
|
 |
 |
 |
|
System V login argument array buffer overflowAdded: 03/30/2007CVE: CVE-2001-0797 BID: 3681 OSVDB: 690 BackgroundThe login program is used by various applications for authentication to the system.ProblemThe login program dervied from System V is affected by a buffer overflow vulnerability when processing a long argument array. A remote attacker could execute arbitrary commands by initiating a telnet or rlogin session with a large number of environment variables.ResolutionApply one of the patches referenced in Sun Document ID 00213.Referenceshttp://www.cert.org/advisories/CA-2001-34.htmlLimitationsExploit works on Sun SPARC Solaris versions 2.6 (03/98) and 7 (11/99).PlatformsSunOS / Solaris |
 |
 |
 |
 |