| VID |
17006 |
| Severity |
40 |
| Port |
111 |
| Protocol |
TCP |
| Class |
RPC |
| Detailed Description |
The Sun rpc.rwalld service, which is vulnerable to a format string attack, is running. The rwall daemon is a service that broadcasts messages from remote hosts to all terminals of a time-sharing system. When the rwalld daemon receives a remote wall request over the network, it sends the message to all terminals by executing the wall command. If the wall command cannot be executed, the rwalld daemon displays an error message. A format string vulnerability exists in the code that displays this error message. An attacker may be able to consume system resources and prevent wall from executing. After triggering the rwalld daemon's error message, the attacker could execute arbitrary code with root privileges by sending a specially formatted string to this host.
* Platforms Affected: Sun Solaris 2.5.1 / 2.6, Sun Solaris 7.0 / 8.0 / 9.0
Note: This scanner relies solely on whether the service is running to assess this vulnerability, so this finding may be a false positive.
* References: http://online.securityfocus.com/bid/4639 http://www.iss.net/security_center/static/8971.php |
| Recommendation |
The rpc.rwalld service should be disabled if you don't use it.
To disable the rpc.rwalld service:
1. Disable the rpc.rwalld service with root privileges as follows:
   # rpcinfo -d [program num] [version num]
2. Disable it by commenting this service out in /etc/inetd.conf.
3. Restart the inetd daemon (kill -HUP [inetd PID]).
-- OR --
Apply the appropriate patch for your system, as listed in Sun Alert Notification 44502: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44502&zone_32=category%3Asecurity |
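A check for the disable procedure above, as an added example that is not part of the original scanner entry: it parses `rpcinfo -p` output and an inetd.conf file to confirm that rwalld is both unregistered and commented out. It assumes rwalld registers as RPC program 100008 (`walld`); the function names and the sample inetd.conf line are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: rpc.rwalld registers as RPC program 100008 ("walld").
RWALLD_PROG=100008

# stdin: `rpcinfo -p` output. Prints "vers proto port" per rwalld registration;
# exit status 0 only if at least one registration exists.
rwalld_registrations() {
    awk -v prog="$RWALLD_PROG" '
        $1 == prog { print $2, $3, $4; found = 1 }
        END { exit !found }'
}

# $1: path to inetd.conf. Prints uncommented entries that would start rwalld;
# exit status 0 only if such an entry exists.
rwalld_inetd_entries() {
    awk '
        /^[ \t]*#/ { next }    # commented out, so inetd will not start it
        $1 ~ /^(walld|100008)\// || /rpc\.rwalld/ { print; found = 1 }
        END { exit !found }' "$1"
}

# $1: file with `rpcinfo -p` output, $2: inetd.conf. Prints a one-line summary.
rwalld_status() {
    reg=no; cfg=no
    rwalld_registrations < "$1" > /dev/null && reg=yes
    rwalld_inetd_entries "$2" > /dev/null && cfg=yes
    echo "registered=$reg inetd_enabled=$cfg"
}

# Constructed sample: the service was unregistered with rpcinfo -d, but the
# inetd.conf entry is still active, so step 2 of the procedure is incomplete.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '   program vers proto   port  service' \
                  '    100000    4   tcp    111  rpcbind' > "$d/rpcinfo.txt"
    printf '%s\n' '# constructed inetd.conf fragment' \
        'walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld' \
        > "$d/inetd.conf"
    rwalld_status "$d/rpcinfo.txt" "$d/inetd.conf"
    rm -rf "$d"
}
demo
```

On a live host, feed the first function with `rpcinfo -p | rwalld_registrations` and point the second at `/etc/inetd.conf`; both should print nothing once the service is disabled.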
| Related URL |
CVE-2002-0573 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|