HIGH🇵🇱 Wersja polska

CVE-2007-0882

CVSS 10.0v2.0pub. 2007-02-12upd. 2026-04-23

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Oracle Solaris

    OS
    Oracle
    1011
  • Sun Sunos

    OS
    Sun
    5.105.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-14871CRITICAL10.0⚠ KEVten sam produkt

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Su...

CVE-2013-2251CRITICAL9.8⚠ KEVten sam produkt

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a paramet...

CVE-2026-46978CRITICAL10.0ten sam produkt

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The...

CVE-2025-36038CRITICAL9.0PL ✓ten sam produkt

RCE w IBM WebSphere Application Server przez niebezpieczną deserializację

CVE-2021-39085CRITICAL9.8ten sam produkt

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 thr...