VID 12038
Severity 40
Port 111
Protocol TCP
Class RPC
Detailed Description Sun RPC implementations have a buffer overflow vulnerability in the XDR library. This overflow has been shown to lead to remotely exploitable buffer overflows in multiple applications, allowing the execution of arbitrary code.
The XDR (external data representation) libraries are used to provide platform-independent methods for sending data from one system process to another, typically over a network connection. Such routines are commonly used in remote procedure call (RPC) implementations to provide transparency to application programmers who need to use common interfaces to interact with many different types of systems.
The xdr_array() function in the XDR library provided by Sun Microsystems is used to translate variable-length arrays. By passing an overly large number of elements to xdr_array(), remote attackers can overflow a buffer and execute arbitrary code on the system with root privileges (by exploiting dmispd, rpc.cmsd, or kadmind, for example). In addition, attackers who exploit the XDR overflow in MIT KRB5 kadmind may be able to gain control of a Key Distribution Center (KDC) and improperly authenticate to other services within a trusted Kerberos realm.
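To make the failure mode concrete, the following added C example (illustrative code written for this entry, not Sun's xdr_array() and not part of the original advisory) models a simplified XDR variable-length array decoder. It assumes a fixed 4-byte element type, an untrusted 32-bit element count at the front of the encoded array, and two constructed sample buffers; it shows how an unchecked count multiplied by the element size wraps to a tiny allocation, and the bounds checks a hardened decoder applies before trusting that count.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimal XDR input stream: a byte buffer and a read position. */
typedef struct {
    const unsigned char *buf;
    size_t len;
    size_t pos;
} xdr_stream;

/* XDR encodes integers as 4-byte big-endian values; read one with a bounds check. */
static bool xdr_get_u32(xdr_stream *xs, uint32_t *out)
{
    if (xs->len - xs->pos < 4)
        return false;
    const unsigned char *p = xs->buf + xs->pos;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    xs->pos += 4;
    return true;
}

/* Unsafe size computation (assumed pattern): count * elsize done in 32 bits wraps
 * silently, so a huge claimed count yields a tiny buffer while the decode loop
 * still iterates `count` times past its end. */
static uint32_t unsafe_nodesize(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Hardened decoder for an array of 4-byte elements. Returns true and fills
 * *out / *out_count on success; rejects any count the caller's limit, the
 * multiplication, or the remaining input cannot support. Caller frees *out. */
static bool safe_decode_u32_array(xdr_stream *xs, uint32_t maxcount,
                                  uint32_t **out, uint32_t *out_count)
{
    const uint32_t elsize = sizeof(uint32_t);
    uint32_t count;

    if (!xdr_get_u32(xs, &count))
        return false;
    if (count > maxcount)                       /* application-level upper bound */
        return false;
    if (count > UINT32_MAX / elsize)            /* count * elsize would wrap */
        return false;
    size_t nodesize = (size_t)count * elsize;
    if (nodesize > xs->len - xs->pos)           /* fixed-size elements: more claimed than present */
        return false;

    *out = NULL;
    *out_count = 0;
    if (count == 0)
        return true;

    uint32_t *arr = malloc(nodesize);
    if (arr == NULL)
        return false;
    for (uint32_t i = 0; i < count; i++) {
        if (!xdr_get_u32(xs, &arr[i])) {        /* cannot happen after the size check, kept for defence in depth */
            free(arr);
            return false;
        }
    }
    *out = arr;
    *out_count = count;
    return true;
}

/* Constructed sample: count = 3 followed by elements 1, 2, 3. */
static const unsigned char SAMPLE_OK[] = {0,0,0,3, 0,0,0,1, 0,0,0,2, 0,0,0,3};
/* Constructed sample: count = 0x40000001 claimed, no element data at all. */
static const unsigned char SAMPLE_HUGE[] = {0x40,0,0,1};

/* Decode SAMPLE_OK and return the sum of its elements, or -1 on rejection. */
static int demo_decode_ok(void)
{
    xdr_stream xs = { SAMPLE_OK, sizeof SAMPLE_OK, 0 };
    uint32_t *arr, n;
    if (!safe_decode_u32_array(&xs, 1024, &arr, &n))
        return -1;
    int sum = 0;
    for (uint32_t i = 0; i < n; i++)
        sum += (int)arr[i];
    free(arr);
    return sum;
}

/* Decode SAMPLE_HUGE with no application limit: returns 1 if the wrap check rejects it. */
static int demo_decode_huge(void)
{
    xdr_stream xs = { SAMPLE_HUGE, sizeof SAMPLE_HUGE, 0 };
    uint32_t *arr, n;
    return safe_decode_u32_array(&xs, UINT32_MAX, &arr, &n) ? 0 : 1;
}

int main(void)
{
    printf("unsafe nodesize for count 0x40000001: %u bytes\n", unsafe_nodesize(0x40000001u, 4));
    printf("hardened decode of valid array, element sum: %d\n", demo_decode_ok());
    printf("hardened decode of oversized count rejected: %d\n", demo_decode_huge());
    return 0;
}
```

The first check (`count > maxcount`) is the one an application can tune per array type; the second guards the multiplication itself and is what matters when a service passes an effectively unbounded limit. The third check is valid only because every element here has a fixed size; for arrays of variable-size elements the per-element reads must carry the bounds checking instead.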

* Note: This check tests the rpc.cmsd RPC daemon, one of the affected RPC services, to assess this vulnerability. The test disrupts the daemon, so rpc.cmsd must be restarted afterwards to regain normal functionality.

Platforms Affected:
Debian Linux 3.0
MIT Kerberos 5: All Versions
MacOS X: All Versions
NetBSD 1.4.x
NetBSD 1.5.x
NetBSD 1.6 beta
OpenAFS 1.0 to 1.2.5
OpenAFS 1.3.0 to 1.3.2
Red Hat Linux 6.2
Red Hat Linux 7.0 to 7.3
Solaris 2.5.1
Solaris 2.6
Solaris 7 to 9
Recommendation Apply the appropriate patch for this vulnerability, as listed in CERT Advisory CA-2002-25, http://www.cert.org/advisories/CA-2002-25.html

-- OR --

Disable access to vulnerable services or applications until patches are available and can be applied. Such applications include, but are not limited to, the following:
* DMI Service Provider daemon (dmispd)
* CDE Calendar Manager Service daemon (rpc.cmsd)
* MIT Kerberos 5 Administration daemon (kadmind)

As a best practice, the CERT/CC recommends disabling all services that are not explicitly required.
Related URL CVE-2002-0391 (CVE)
Related URL 5356 (SecurityFocus)
Related URL 9170 (ISS)