CVE-2010-2967 Information

Description

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords which makes it easier for remote attackers to obtain access via a (1) telnet (2) rlogin or (3) FTP session.

Reference

http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html http://www.kb.cert.org/vuls/id/840249 http://www.kb.cert.org/vuls/id/MAPG-863QH9 https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709