...
Non-Compliant Code Example
This non-compliant code example is taken from VU#881872 (http://www.kb.cert.org/vulnotes/id/881872), a vulnerability in the Sun Solaris telnet daemon (in.telnetd) that allows a remote attacker to log on to the system with elevated privileges.
The vulnerability in in.telnetd involves the following line of code, which invokes the login program by calling execl(). This call passes unsanitized data from an untrusted source (the USER environment variable) as an argument to the login program.
...
The diff for this vulnerability is available from the CVS repository at OpenSolaris.
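One way to neutralize a value such as USER before it reaches an exec-family call, shown as an added example that is not code from the original page or from the Solaris source. The helper names, the 32-byte limit and the character allowlist are assumptions, and the `--` marker assumes the invoked program parses its options with getopt-style conventions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: allowlist check for a login name that comes from an
 * untrusted source such as the USER environment variable. */
int is_safe_login_name(const char *name) {
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789_.-";
    size_t len;

    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > 32) return 0;   /* assumed length limit */
    if (name[0] == '-') return 0;         /* callee would parse it as an option */
    return strspn(name, allowed) == len;  /* every byte must be allowlisted */
}

/* Hypothetical helper: fill argv for an exec call with an end-of-options
 * marker ahead of the validated name. Returns argc, or -1 on rejection. */
int build_login_argv(const char *user, const char *argv[], size_t cap) {
    if (cap < 4 || !is_safe_login_name(user)) return -1;
    argv[0] = "login";
    argv[1] = "--";    /* nothing after this is treated as an option */
    argv[2] = user;
    argv[3] = NULL;
    return 3;
}

int main(void) {
    const char *argv[4];

    if (build_login_argv(getenv("USER"), argv, 4) < 0) {
        fprintf(stderr, "rejected login name from USER\n");
        return 1;
    }
    /* A real daemon would pass this vector to execv(); it is printed here
     * so the example runs without invoking login. */
    for (int i = 0; argv[i] != NULL; i++)
        printf("argv[%d] = %s\n", i, argv[i]);
    return 0;
}
```

The allowlist and the `--` marker are independent defenses: the first rejects bad input outright, the second keeps the callee's option parser away from whatever is accepted.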
Risk Assessment
...