Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0882Argument Injection in Oracle Solaris

CWE-88Argument InjectionCWE-94Code Injection8 documents5 sources
Severity
10.0CRITICALNVD
EPSS
91.0%
top 0.36%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Oracle SolarisSUN Sunos
Timeline
PublishedFeb 12
Latest updateMay 1

Description

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDsun/sunos5.10, 5.11+1
NVDoracle/solaris10, 11+1

🔴Vulnerability Details

3
GHSA
GHSA-jpgv-x3r5-pm29: Argument injection vulnerability in the telnet daemon (in2022-05-01
CVEList
CVE-2007-0956: The telnet daemon (telnetd) in MIT krb5 before 12007-04-06
CVEList
CVE-2007-0882: Argument injection vulnerability in the telnet daemon (in2007-02-12

💥Exploits & PoCs

3
Exploit-DB
Sun Solaris Telnet - Remote Authentication Bypass (Metasploit)2010-06-22
Exploit-DB
Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit)2007-02-12
Exploit-DB
SunOS 5.10/5.11 in.TelnetD - Remote Authentication Bypass2007-02-11

📋Vendor Advisories

1
Red Hat
Unauthorized access via krb5-telnet daemon2007-04-03
CVE-2007-0882 — Argument Injection in Oracle Solaris | cvebase