Multiple OS /bin/login Remote Overflow
Critical Nessus Plugin ID 11136
SynopsisIt is possible to execute arbitrary commands on the remote host.
DescriptionThe remote implementation of the /bin/login utility, used when authenticating a user via telnet or rsh contains an overflow which allows an attacker to gain a shell on this host, without even sending a shell code.
An attacker may use this flaw to log in as any user (except root) on the remote host.
SolutionContact the vendor for a patch.