Executive Summary

Informations
Name CVE-2001-0797 First vendor Publication 2001-12-12
Vendor Cve Last vendor Modification 2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0797

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2025
 
Oval ID: oval:org.mitre.oval:def:2025
Title: System V login Buffer Overflow
Description: Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
Family: unix Class: vulnerability
Reference(s): CVE-2001-0797
Version: 1
Platform(s): Sun Solaris 7
Product(s): login
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 8
Os 5
Os 8
Os 5
Os 6
Os 11

SAINT Exploits

Description Link
System V login argument array buffer overflow More info here

ExploitDB Exploits

id Description
2004-12-04 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
2004-12-24 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

Date Description
2008-10-24 Name : SysV /bin/login buffer overflow (telnet)
File : nvt/binlogin_overflow_telnet.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
691 Unix SysV Rlogin login Environment Remote Overflow

A remote overflow exists in rlogin. The login application fails to validate arguments received resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
690 Unix SysV Telnet login Environment Remote Overflow

A buffer overflow exists in multiple SystemV-based operating systems. The login application fails to validate data received via telnet resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Revision : 14 - Type : PROTOCOL-TELNET
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Revision : 14 - Type : PROTOCOL-TELNET
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Revision : 15 - Type : PROTOCOL-TELNET
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Revision : 15 - Type : PROTOCOL-TELNET
2014-01-10 Oracle Solaris username overflow authentication bypass attempt
RuleID : 13613 - Revision : 7 - Type : OS-SOLARIS

Nessus® Vulnerability Scanner

Date Description
2002-10-03 Name : It is possible to execute arbitrary commands on the remote host.
File : ttyprompt.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2001-12-15 Name : It is possible to execute arbitrary code on the remote host.
File : binlogin_overflow_rlogin.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2001-12-15 Name : It is possible to execute arbitrary code on the remote host.
File : binlogin_overflow_telnet.nasl - Type : ACT_DESTRUCTIVE_ATTACK

Sources (Detail)

Source Url
AIXAPAR http://www-1.ibm.com/support/search.wss?rs=0&q=IY26221&apar=only
BID http://www.securityfocus.com/bid/3681
BUGTRAQ http://marc.info/?l=bugtraq&m=100844757228307&w=2
http://www.securityfocus.com/archive/1/246487
CALDERA ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SC...
CERT http://www.cert.org/advisories/CA-2001-34.html
CERT-VN http://www.kb.cert.org/vuls/id/569272
ISS http://xforce.iss.net/alerts/advise105.php
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SGI ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
SUN http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/7284

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Date Informations
2024-02-02 01:01:44
  • Multiple Updates
2024-02-01 12:01:17
  • Multiple Updates
2023-09-05 12:01:40
  • Multiple Updates
2023-09-05 01:01:08
  • Multiple Updates
2023-09-02 12:01:42
  • Multiple Updates
2023-09-02 01:01:08
  • Multiple Updates
2023-08-12 12:02:02
  • Multiple Updates
2023-08-12 01:01:09
  • Multiple Updates
2023-08-11 12:01:45
  • Multiple Updates
2023-08-11 01:01:09
  • Multiple Updates
2023-08-06 12:01:36
  • Multiple Updates
2023-08-06 01:01:10
  • Multiple Updates
2023-08-04 12:01:40
  • Multiple Updates
2023-08-04 01:01:09
  • Multiple Updates
2023-07-14 12:01:39
  • Multiple Updates
2023-07-14 01:01:10
  • Multiple Updates
2023-03-29 01:01:37
  • Multiple Updates
2023-03-28 12:01:15
  • Multiple Updates
2022-10-11 12:01:28
  • Multiple Updates
2022-10-11 01:01:02
  • Multiple Updates
2021-05-04 12:01:26
  • Multiple Updates
2021-04-22 01:01:35
  • Multiple Updates
2020-05-23 13:16:43
  • Multiple Updates
2020-05-23 00:14:42
  • Multiple Updates
2018-10-31 00:19:40
  • Multiple Updates
2018-05-03 09:19:24
  • Multiple Updates
2016-10-18 12:00:55
  • Multiple Updates
2016-06-28 14:56:41
  • Multiple Updates
2016-04-26 11:56:32
  • Multiple Updates
2016-03-07 13:24:36
  • Multiple Updates
2016-03-07 09:24:48
  • Multiple Updates
2014-02-17 10:23:57
  • Multiple Updates
2014-01-19 21:21:29
  • Multiple Updates
2013-05-11 12:05:22
  • Multiple Updates