Remote BinLogin BO 1

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to overflow the login function on UNIX.

Additional Information

'login' is a program used in Unix systems to authenticate users with a username and password.

Versions of 'login' descended from System V Unix contain a buffer overflow in handling of variables passed to the login prompt from the client. Several operating systems such as Solaris/SunOS, HP-UX, AIX, IRIX and Unixware contain vulnerable versions of 'login'.

It is reportedly possible for unauthenticated clients to exploit these conditions to execute arbitrary code remotely through the remote access services which use 'login'. These services, namely telnet and rlogin, are often enabled on systems by default. Versions of SSH can be configured to use 'login' for authentication. Vulnerable hosts with such a configuration may be exploitable remotely through SSH.

Successful remote exploitation could grant root access to an unauthenticated, anonymous attacker connecting from an external network. On systems where 'login' is installed setuid root, this vulnerability can be exploited by local attackers to elevate privileges.

Affected

  • Cisco Billing and Management Server
  • Cisco PGW2200 PSTN Gateway
  • Cisco Secure IDS Network Sensor 3.0, 3.0(2)S6
  • Cisco Signaling Controller 2200
  • Cisco Voice Services Provisioning Tool
  • HP HP-UX 10.0, 10.0 1, 10.10, 10.20, 11.0, 11.11
  • HP HP-UX (VVOS) 10.24, 11.0.4
  • IBM AIX 4.3, 4.3.1, 4.3.2, 4.3.3, 5.1
  • SCO Open Server 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.6 a
  • SGI IRIX 3.2, 3.3, 3.3.1, 3.3.2, 3.3.3
  • Sun Solaris 2.0, 2.1, 2.2, 2.3, 2.4, 2.4_x86, 2.5, 2.5_x86, 2.5.1, 2.5.1_ppc, 2.5.1_x86, 2.6, 2.6_x86, 7.0, 7.0_x86, 8.0, 8.0_x86

Response

Patches are available for the following platforms:

For Sun Solaris 2.5.1: Sun Patch 106160-02; Sunsolve Patch Portal
For Sun Solaris 2.5.1_x86: Sun Patch 106161-02; Sunsolve Patch Portal
For Sun Solaris 2.6: Sun Patch 105665-04; Sunsolve Patch Portal
For Sun Solaris 2.6_x86: Sun Patch 105666-04; Sunsolve Patch Portal
For Sun Solaris 7.0: Sun Patch 112300-01; Sunsolve Patch Portal
For Sun Solaris 7.0_x86: Sun Patch 112301-01; Sunsolve Patch Portal
For Sun Solaris 8.0: Sun Patch 111085-02; Sunsolve Patch Portal
For Sun Solaris 8.0_x86: Sun Patch 111086-02; Sunsolve Patch Portal
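
An added example, not part of the original advisory or any vendor tool: a shell check that reads `showrev -p` output and reports whether the Sun patch listed above for a given Solaris release is present. The function names, the release labels passed as arguments, the constructed sample lines, and the treatment of a later revision of the same patch ID as also carrying the fix are assumptions of this example.

```shell
#!/bin/sh
# Usage on a Solaris host (release label as written in the list above):
#   showrev -p | check_host 8.0

# Map a release label to the 'login' patch named in the advisory.
required_patch() {
    case "$1" in
        2.5.1)     echo 106160-02 ;;
        2.5.1_x86) echo 106161-02 ;;
        2.6)       echo 105665-04 ;;
        2.6_x86)   echo 105666-04 ;;
        7.0)       echo 112300-01 ;;
        7.0_x86)   echo 112301-01 ;;
        8.0)       echo 111085-02 ;;
        8.0_x86)   echo 111086-02 ;;
        *)         return 1 ;;
    esac
}

# Read `showrev -p` text on stdin; succeed if the same patch base ID is
# installed at the required revision or a later one (assumption: later
# revisions of one patch ID include the earlier fix).
patch_installed() {
    awk -v want="$1" '
        BEGIN { split(want, w, "-"); found = 0 }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == w[1] && p[2] + 0 >= w[2] + 0) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# $1 = release label, stdin = showrev -p output.
check_host() {
    need=$(required_patch "$1") || { echo "UNKNOWN"; return 2; }
    if patch_installed "$need"; then
        echo "PATCHED $need"
    else
        echo "MISSING $need"; return 1
    fi
}

# Constructed sample input: an older revision of the 2.6 patch plus an
# unrelated, made-up patch ID.
sample_showrev() {
    printf '%s\n' \
        'Patch: 105665-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu' \
        'Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr'
}
```

A fix delivered under a different patch ID that obsoletes the listed one is not recognized by this check and is reported as MISSING, so confirm such hosts by hand.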

For SCO Open Server:
Caldera Patch erg711877.505.tar.Z
Caldera Patch erg711877.506.tar.Z

For IBM AIX 4.3, 4.3.1, 4.3.2, 4.3.3, 5.1:
IBM Hotfix tsmlogin_efix.tar.Z

For Cisco Billing and Management Server and Cisco PGW2200 PSTN Gateway:
Cisco Upgrade CSCOh007.pkg release 1.0(7)

For Cisco Secure IDS Network Sensor 3.0 and Cisco Secure IDS Network Sensor 3.0(2)S6:
Cisco Upgrade Secure IDS 3.0(5)

For Cisco Signaling Controller 2200:
Cisco Upgrade CSCOh007.pkg release 1.0(7)
Cisco Upgrade CSCOh008.pkg release 1.0(8)

For Cisco Voice Services Provisioning Tool:
Cisco Upgrade CSCOh007.pkg release 1.0(7)