This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to overflow the login function on UNIX.
'login' is a program used in Unix systems to authenticate users with a username and password.
Versions of 'login' descended from System V Unix contain a buffer overflow in the handling of variables passed to the login prompt from the client. Several operating systems, such as Solaris/SunOS, HP-UX, AIX, IRIX and Unixware, contain vulnerable versions of 'login'.
It is reportedly possible for unauthenticated clients to exploit these conditions to execute arbitrary code remotely through the remote access services which use 'login'. These services, namely telnet and rlogin, are often enabled on systems by default. Versions of SSH can be configured to use 'login' for authentication. Vulnerable hosts with such a configuration may be exploitable remotely through SSH.
Successful remote exploitation could grant root access to an unauthenticated, anonymous attacker connecting from an external network. On systems where 'login' is installed setuid root, this vulnerability can be exploited by local attackers to elevate privileges.
- Cisco Billing and Management Server
- Cisco PGW2200 PSTN Gateway
- Cisco Secure IDS Network Sensor 3.0, 3.0(2)S6
- Cisco Signaling Controller 2200
- Cisco Voice Services Provisioning Tool
- HP HP-UX 10.0, 10.0 1, 10.10, 10.20, 11.0, 11.11
- HP HP-UX (VVOS) 10.24, 11.0.4
- IBM AIX 4.3, 4.3.1, 4.3.2, 4.3.3, 5.1
- SCO Open Server 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.6 a
- SGI IRIX 3.2, 3.3, 3.3.1, 3.3.2, 3.3.3
- Sun Solaris 2.0, 2.1, 2.2, 2.3, 2.4, 2.4_x86, 2.5, 2.5_x86, 2.5.1, 2.5.1_ppc, 2.5.1_x86, 2.6, 2.6_x86, 7.0, 7.0_x86, 8.0, 8.0_x86
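
A host check for the remote paths to 'login' that the description above names (telnet and rlogin started from inetd, and SSH configured to use 'login'), as an added example that is not part of the original advisory. It assumes an inetd-style service file and OpenSSH's `UseLogin` directive; the function names, file paths and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Paths and the OpenSSH UseLogin directive are assumptions.

# Print uncommented inetd.conf services that hand the connection to 'login'.
# inetd names the rlogin service "login"; "#telnet" never matches as field 1.
inetd_login_services() {
    awk '$1 == "telnet" || $1 == "login" { print $1 }' "$1"
}

# Print "yes" when sshd_config sets UseLogin yes, otherwise "no".
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
sshd_uses_login() {
    awk '{ sub(/[ \t]*=[ \t]*/, " ") }
         tolower($1) == "uselogin" { r = tolower($2); found = 1; exit }
         END { if (found && r == "yes") print "yes"; else print "no" }' "$1"
}

# Report every remote path to 'login'; return 1 if any was found, else 0.
audit_login_exposure() {
    exposed=0
    if [ -r "$1" ]; then
        for svc in $(inetd_login_services "$1"); do
            echo "EXPOSED: inetd service '$svc' reaches login ($1)"
            exposed=1
        done
    fi
    if [ -r "$2" ] && [ "$(sshd_uses_login "$2")" = "yes" ]; then
        echo "EXPOSED: sshd has UseLogin yes ($2)"
        exposed=1
    fi
    if [ "$exposed" -eq 0 ]; then echo "OK: no remote path to login found"; fi
    return "$exposed"
}

# Write constructed sample configs (not from any real host) into directory $1.
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
ftp     stream tcp nowait root /usr/sbin/in.ftpd     in.ftpd
telnet  stream tcp nowait root /usr/sbin/in.telnetd  in.telnetd
#login  stream tcp nowait root /usr/sbin/in.rlogind  in.rlogind
EOF
    cat > "$1/sshd_config" <<'EOF'
#UseLogin no
UseLogin yes
EOF
}

# Audit real files when two paths are given, e.g. /etc/inetd.conf /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then audit_login_exposure "$1" "$2"; fi
```

A clean result only means these two configuration files expose no path to 'login'; local exploitation through a setuid root 'login' is not covered by this check.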