| GEN:SID | 1:1430 |
| Message | TELNET Solaris memory mismanagement exploit attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerabilty on a Sun Solaris system.
|
| Impact | Remote root access.
|
| Detailed Information | This event is generated when an attempt is made to exploit a known vulnerability in /bin/login when used by telnetd on Sun Solaris sytems. A buffer overflow condition is present in /bin/login used by telnetd that may present an attacker with the opportunity to execute code of their choosing after a sucessful exploit.
|
| Affected Systems | Sun Solaris 8.x and earlier
|
| Attack Scenarios | An attacker may utilize one of the available exploit scripts.
|
| Ease of Attack | Simple. Exploit scripts are publicly available.
|
| Corrective Action | Consider using Secure Shell instead of telnet.
Block inbound telnet access if it is not required.
Upgrade to the latest non-affected version of the software
Apply the appropriate vendor supplied patches.
|
| Additional References | |