Vulnerability Details : CVE-2001-0797
Public exploit exists!
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
Vulnerability category: Overflow
Threat overview for CVE-2001-0797
Top countries where our scanners detected CVE-2001-0797
Top open port discovered on systems with this issue
554
IPs affected by CVE-2001-0797 2
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2001-0797!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2001-0797
Probability of exploitation activity in the next 30 days: 97.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2001-0797
-
Solaris in.telnetd TTYPROMPT Buffer Overflow
Disclosure Date: 2002-01-18First seen: 2020-04-26exploit/solaris/telnet/ttypromptThis module uses a buffer overflow in the Solaris 'login' application to bypass authentication in the telnet daemon. Authors: - MC <mc@metasploit.com> - cazz <bmc@shmoo.com> -
System V Derived /bin/login Extraneous Arguments Buffer Overflow
Disclosure Date: 2001-12-12First seen: 2020-04-26exploit/dialup/multi/login/manyargsThis exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in it's System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments. Authors: - I)ruid <druid@caughq.org>
CVSS scores for CVE-2001-0797
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2001-0797
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2025
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/7284
-
http://www.securityfocus.com/bid/3681
Multiple Vendor System V Derived 'login' Buffer Overflow VulnerabilityExploit;Patch;Vendor Advisory
-
ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
-
http://www.securityfocus.com/archive/1/246487
Vendor Advisory
-
http://www.kb.cert.org/vuls/id/569272
US Government Resource
-
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
-
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
-
http://xforce.iss.net/alerts/advise105.php
Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=100844757228307&w=2
-
http://www-1.ibm.com/support/search.wss?rs=0&q=IY26221&apar=only
-
http://www.cert.org/advisories/CA-2001-34.html
Patch;Third Party Advisory;US Government Resource
Products affected by CVE-2001-0797
- cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sgi:irix:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sco:openserver:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:sco:openserver:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:sco:openserver:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:sco:openserver:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:sco:openserver:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:sco:openserver:5.0.6a:*:*:*:*:*:*:*