712.txt

This is the snapshot of Snot Latest Rules

Rule:

--
Sid:
712

--
Summary:
This event is generated when an attempt is made to set an environment
variable in a Telnet session to a server.

--
Impact:
Unauthorized superuser access.

--
Detailed Information:
This event is generated when an attempt is made to use the environment
variable ld_library_path in a Telnet session.

--
Affected Systems:
	Telnet servers.

--
Attack Scenarios:
An attacker can attempt to set the environment variable ld_library_path
and then attempt to exploit a known vulnerability in some SunOS based
systems.

--
Ease of Attack:
Simple

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Use ssh as an alternative to Telnet

Block inbound telnet access if it is not required.

--
Contributors:
Original Rule Writer Unknown
Sourcefire Vulnerability Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/43

--