ID CVE-2001-0797
Summary Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
References
Vulnerable Configurations
  • cpe:2.3:o:sgi:irix:3.2
    cpe:2.3:o:sgi:irix:3.2
  • cpe:2.3:o:sgi:irix:3.3
    cpe:2.3:o:sgi:irix:3.3
  • cpe:2.3:o:sgi:irix:3.3.1
    cpe:2.3:o:sgi:irix:3.3.1
  • cpe:2.3:o:sgi:irix:3.3.2
    cpe:2.3:o:sgi:irix:3.3.2
  • cpe:2.3:o:sgi:irix:3.3.3
    cpe:2.3:o:sgi:irix:3.3.3
  • HP HP-UX 10.00
    cpe:2.3:o:hp:hp-ux:10.00
  • HP HP-UX 10.01
    cpe:2.3:o:hp:hp-ux:10.01
  • HP HP-UX 10.10
    cpe:2.3:o:hp:hp-ux:10.10
  • HP HP-UX 10.20
    cpe:2.3:o:hp:hp-ux:10.20
  • HP HP-UX 10.24
    cpe:2.3:o:hp:hp-ux:10.24
  • HP-UX 11.00
    cpe:2.3:o:hp:hp-ux:11.00
  • HP HP-UX 11.0.4
    cpe:2.3:o:hp:hp-ux:11.0.4
  • HP-UX 11.11
    cpe:2.3:o:hp:hp-ux:11.11
  • IBM AIX 4.3
    cpe:2.3:o:ibm:aix:4.3
  • IBM AIX 4.3.1
    cpe:2.3:o:ibm:aix:4.3.1
  • IBM AIX 4.3.2
    cpe:2.3:o:ibm:aix:4.3.2
  • IBM AIX 4.3.3
    cpe:2.3:o:ibm:aix:4.3.3
  • IBM AIX 5.1
    cpe:2.3:o:ibm:aix:5.1
  • cpe:2.3:o:sco:openserver:5.0
    cpe:2.3:o:sco:openserver:5.0
  • cpe:2.3:o:sco:openserver:5.0.1
    cpe:2.3:o:sco:openserver:5.0.1
  • cpe:2.3:o:sco:openserver:5.0.2
    cpe:2.3:o:sco:openserver:5.0.2
  • cpe:2.3:o:sco:openserver:5.0.3
    cpe:2.3:o:sco:openserver:5.0.3
  • cpe:2.3:o:sco:openserver:5.0.4
    cpe:2.3:o:sco:openserver:5.0.4
  • cpe:2.3:o:sco:openserver:5.0.5
    cpe:2.3:o:sco:openserver:5.0.5
  • cpe:2.3:o:sco:openserver:5.0.6
    cpe:2.3:o:sco:openserver:5.0.6
  • cpe:2.3:o:sco:openserver:5.0.6a
    cpe:2.3:o:sco:openserver:5.0.6a
  • cpe:2.3:o:sun:solaris:2.4:-:x86
    cpe:2.3:o:sun:solaris:2.4:-:x86
  • cpe:2.3:o:sun:solaris:2.5:-:x86
    cpe:2.3:o:sun:solaris:2.5:-:x86
  • cpe:2.3:o:sun:solaris:2.5.1:-:ppc
    cpe:2.3:o:sun:solaris:2.5.1:-:ppc
  • cpe:2.3:o:sun:solaris:2.5.1:-:x86
    cpe:2.3:o:sun:solaris:2.5.1:-:x86
  • Sun Solaris 2.6
    cpe:2.3:o:sun:solaris:2.6
  • cpe:2.3:o:sun:solaris:7.0:-:x86
    cpe:2.3:o:sun:solaris:7.0:-:x86
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • Sun SunOS (formerly Solaris)
    cpe:2.3:o:sun:sunos
  • Sun Microsystems Solaris 2.0
    cpe:2.3:o:sun:sunos:5.0
  • Sun Microsystems Solaris 2.1
    cpe:2.3:o:sun:sunos:5.1
  • Sun Microsystems Solaris 2.2
    cpe:2.3:o:sun:sunos:5.2
  • Sun Microsystems Solaris 2.3
    cpe:2.3:o:sun:sunos:5.3
  • Sun Microsystems Solaris 2.4
    cpe:2.3:o:sun:sunos:5.4
  • Sun Microsystems Solaris 2.5
    cpe:2.3:o:sun:sunos:5.5
  • Sun Microsystems Solaris 2.5.1
    cpe:2.3:o:sun:sunos:5.5.1
  • Sun Microsystems Solaris 7
    cpe:2.3:o:sun:sunos:5.7
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability. CVE-2001-0797. Remote exploit for solaris platform
    id EDB-ID:21180
    last seen 2016-02-02
    modified 2004-12-04
    published 2004-12-04
    reporter Marco Ivaldi
    source https://www.exploit-db.com/download/21180/
    title Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
  • description Solaris 2.5.1/2.6/7/8 rlogin /bin/login Buffer Overflow Exploit (SPARC). CVE-2001-0797. Remote exploit for solaris platform
    id EDB-ID:716
    last seen 2016-01-31
    modified 2004-12-24
    published 2004-12-24
    reporter Marco Ivaldi
    source https://www.exploit-db.com/download/716/
    title Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit SPARC
  • description Solaris /bin/login Remote Root Exploit (SPARC/x86). CVE-2001-0797. Remote exploit for linux platform
    id EDB-ID:346
    last seen 2016-01-31
    modified 2001-12-20
    published 2001-12-20
    reporter Teso
    source https://www.exploit-db.com/download/346/
    title Solaris /bin/login Remote Root Exploit SPARC/x86
  • description Solaris 2.x/7.0/8 Derived 'login' Buffer Overflow Vulnerability. CVE-2001-0797. Remote exploit for solaris platform
    id EDB-ID:21179
    last seen 2016-02-02
    modified 2003-01-09
    published 2003-01-09
    reporter snooq
    source https://www.exploit-db.com/download/21179/
    title Solaris 2.x/7.0/8 Derived 'login' Buffer Overflow Vulnerability
  • description System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based). CVE-2001-0797. Remote exploit for solaris platform
    id EDB-ID:10036
    last seen 2016-02-01
    modified 2001-12-12
    published 2001-12-12
    reporter I)ruid
    source https://www.exploit-db.com/download/10036/
    title System V Derived /bin/login Extraneous Arguments Buffer Overflow modem based
  • description Solaris 2.6/7/8 (TTYPROMPT in.telnet) Remote Authentication Bypass. CVE-2001-0797. Remote exploit for solaris platform
    id EDB-ID:57
    last seen 2016-01-31
    modified 2002-11-02
    published 2002-11-02
    reporter Jonathan S.
    source https://www.exploit-db.com/download/57/
    title Solaris 2.6/7/8 TTYPROMPT in.telnet Remote Authentication Bypass
  • description System V Derived /bin/login Extraneous Arguments Buffer Overflow. CVE-2001-0797. Remote exploit for linux platform
    id EDB-ID:16928
    last seen 2016-02-02
    modified 2010-07-03
    published 2010-07-03
    reporter metasploit
    source https://www.exploit-db.com/download/16928/
    title System V Derived /bin/login Extraneous Arguments Buffer Overflow
  • description Solaris in.telnetd TTYPROMPT Buffer Overflow. CVE-2001-0797. Remote exploit for solaris platform
    id EDB-ID:9917
    last seen 2016-02-01
    modified 2002-01-18
    published 2002-01-18
    reporter MC
    source https://www.exploit-db.com/download/9917/
    title Solaris in.telnetd TTYPROMPT - Buffer Overflow
  • description Solaris in.telnetd TTYPROMPT Buffer Overflow. CVE-2001-0797. Remote exploit for solaris platform
    id EDB-ID:16327
    last seen 2016-02-01
    modified 2010-06-22
    published 2010-06-22
    reporter metasploit
    source https://www.exploit-db.com/download/16327/
    title Solaris in.telnetd TTYPROMPT Buffer Overflow
metasploit via4
nessus via4
  • NASL family Gain a shell remotely
    NASL id BINLOGIN_OVERFLOW_RLOGIN.NASL
    description The remote /bin/login seems to crash when it receives too many environment variables. This is likely due to a buffer overflow vulnerability which might allow an attacker to execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 10828
    published 2001-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10828
    title SysV /bin/login Environment Remote Overflow (rlogin)
  • NASL family Gain a shell remotely
    NASL id TTYPROMPT.NASL
    description The remote implementation of the /bin/login utility, used when authenticating a user via telnet or rsh contains an overflow which allows an attacker to gain a shell on this host, without even sending a shell code. An attacker may use this flaw to log in as any user (except root) on the remote host.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 11136
    published 2002-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11136
    title Multiple OS /bin/login Remote Overflow
  • NASL family Gain a shell remotely
    NASL id BINLOGIN_OVERFLOW_TELNET.NASL
    description The remote /bin/login seems to crash when it receives too many environment variables. This is likely due to a buffer overflow vulnerability which might allow an attacker to execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 10827
    published 2001-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10827
    title SysV /bin/login Environment Remote Overflow (telnet check)
oval via4
accepted 2005-02-23T09:25:00.000-04:00
class vulnerability
contributors
name Brian Soby
organization The MITRE Corporation
description Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
family unix
id oval:org.mitre.oval:def:2025
status accepted
submitted 2004-12-29T12:00:00.000-04:00
title System V login Buffer Overflow
version 31
packetstorm via4
refmap via4
aixapar IY26221
bid 3681
bugtraq
  • 20011214 Sun Solaris login bug patches out
  • 20011219 Linux distributions and /bin/login overflow
caldera CSSA-2001-SCO.40
cert CA-2001-34
cert-vn VU#569272
iss 20011212 Buffer Overflow in /bin/login
sgi 20011201-01-I
sun 00213
sunbug 4516885
xf telnet-tab-bo(7284)
saint via4
bid 3681
description System V login argument array buffer overflow
id shell_loginbo
osvdb 690
title systemv_login
type remote
Last major update 17-10-2016 - 22:11
Published 12-12-2001 - 00:00
Last modified 30-10-2018 - 12:26
Back to Top