Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Sun Solaris Telnet Bypass Vulnerability

Subscribe

Check Point Reference: CPAI-2007-029
Date Published:
Severity:
Last Updated:
Source: Secunia Advisory: SA24120
Industry Reference(s): CVE-2007-0882
Protection Provided by: VPN-1
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Connectra
  • NGX R62
  • NGX R61
Who is Vulnerable?
Sun Solaris 10
Vulnerability Description
An argument injection vulnerability has been reported in Sun Solaris telnet daemon. Telnet is a network protocol used on the Internet or in local area network (LAN) connections. A remote attacker can exploit this vulnerability to gain unauthorized access to a vulnerable system.
Update/Patch Available
Apply patches:
Sun Solaris
Vulnerability Details
The vulnerability is due to an error in the Sun Solaris telnet daemon (in.telnetd) that fails to properly validate authentication information prior to passing it to the 'login' process. An attacker can exploit this flaw to bypass authentication of a valid accounts via an argument injection. Successful exploitation allows the attacker to compromise an affected system.

Protection Overview
By enabling this protection, SmartDefense will enforce the transferring of proper Telnet requests.

In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The Update released on March 14, 2007 includes the following protections:

Microsoft RTF Multiple Code Execution Vulnerabilities (MS07-011, MS07-012, MS07-013) – CPAI-2007-026
Microsoft Step-by-Step Interactive Training Code Execution Vulnerability (MS07-005) – CPAI-2007-027
Microsoft HTML Help ActiveX Control Code Execution Vulnerability (MS07-008) – CPAI-2007-028
Sun Solaris Telnet Bypass Vulnerability (CPAI-2007-029)
Microsoft IE FTP Responses Code Execution Vulnerability (MS07-016) – CPAI-2007-030
Microsoft Malware Protection Engine PDF Code Execution Vulnerability (MS07-010) – CPAI-2007-031
Microsoft MDAC Code Execution Vulnerability (MS07-009) – CPAI-2007-032
Microsoft Multiple COM Objects Vulnerability (MS07-016) – CPAI-2007-033

VPN-1 NGX R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > TELNET > Block Solaris Telnet Vulnerability.
2. In the configuration pane, under Settings > Mode, check Active.



3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Telnet Enforcement Violation
Attack Information: Malformed telnet request detected

VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > TELNET.
2. Select the following protection:

Block Solaris Telnet Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Telnet Enforcement Violation
Attack Information: Malformed telnet request detected

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > TELNET.
2. Select the following protection:

Block Solaris Telnet Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99857 will appear on the SmartView Tracker.

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > TELNET.
2. Select the following protection:

Block Solaris Telnet Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99857 will appear on the SmartView Tracker.

InterSpect NGX

How Can I Protect My Network?
1. In the lefthand menu, click Profiles > Default Protection > SmartDefense. The SmartDefense page opens.
2. In the SmartDefense tree, click Application Intelligence > TELNET and enable the following protection:

Block Solaris Telnet Vulnerability

3. Install security policy.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Telnet Enforcement Violation
Attack Information: Malformed telnet request detected

InterSpect 2.0

How Can I Protect My Network?
1. Click Application Intelligence > Content Protection and enable the following protection:

Block Solaris Telnet Vulnerability

2. Install security policy.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Telnet Enforcement Violation
Attack Information: Malformed telnet request detected

Connectra NGX R62/R61

How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Application Intelligence.
2. In the Dynamic Attacks pane, select the following:

Block Soalris Telnet Vulnerability

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Attack Name: Telnet Enforcement Violation
Attack Information: Malformed telnet request detected