Signature Detail

TELNET: Exploit resolv_host_conf

This signature detects attempts to exploit a vulnerability in TELNET that allows remote clients to specify environment variables. Attackers can place a shared object containing executable code on the system, set this object (library) as their RESOLV_HOST_CONF environment variable, and open a TELNET connection with the target host. When TELNET executes the /bin/login during user authentication, the dynamic linker loads the library listed in the RESOLV_HOST_CONF, thus bypassing normal system libraries and allowing the attacker to execute code as root.

Extended Description

Remote attackers could exploit this vulnerability to crash an affected system or read confidential information.

References

• URL: http://www.networkice.com/Advice/Intrusions/2000909/default.htm