____      ____     __    __
                     /    \    /    \   |  |  |  |
        ----====####/  /\__\##/  /\  \##|  |##|  |####====----
                   |  |      |  |__|  | |  |  |  |
                   |  |  ___ |   __   | |  |  |  |
  ------======######\  \/  /#|  |##|  |#|  |##|  |######======------
                     \____/  |__|  |__|  \______/
                                                     
                    Computer Academic Underground
                        http://www.caughq.org
                            Exploit Code

===============/========================================================
Exploit ID:     CAU-EX-2009-0001
Release Date:   2009.07.29
Title:          manyargs.rb
Description:    System V Derived /bin/login Extraneous Arguments Buffer
                Overflow
Tested:         Sun Solaris 2.6
Attributes:     Remote, Dialup, PreAuth, Shell
Advisory URL:   http://www.caughq.org/exploits/CAU-EX-2009-0001.txt
Exploit URL:    https://metasploit.com/svn/framework3/trunk/modules/
                exploits/dialup/multi/login/manyargs.rb
Author/Email:   I)ruid <druid (@) caughq.org>
===============/========================================================

Description
===========

This exploit connects to a system's modem over dialup and exploits
a buffer overlflow vulnerability in it's System V derived /bin/login.
The vulnerability is triggered by providing a large number of arguments.


Example
=======



Credits
=======

Vulnerability discovered by Mark Dowd of ISS X-Force.


References
==========

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0797
http://www.securityfocus.com/bid/3681
http://www.milw0rm.com/exploits/716
http://osvdb.org/show/osvdb/690
http://osvdb.org/show/osvdb/691


Exploit
=======

https://metasploit.com/svn/framework3/trunk/modules/exploits/dialup/multi/login/manyargs.rb