| VID | 17022 |
| Severity | 40 |
| Port | |
| Protocol | UDP |
| Class | RPC |
| Detailed Description |
The rpc.statd daemon allows remote users to indirectly call other local RPC services. The RPC stat daemon (statd) works with lockd to provide crash and recovery functions for file locking over NFS. The RPC automounter daemon (automountd) answers file system mount and unmount requests from the autofs filesystem via RPC. The vulnerability in rpc.statd may allow a remote intruder to call arbitrary RPC services with the privileges of the rpc.statd process, typically root. The vulnerability in automountd may allow a local intruder to execute arbitrary commands with the privileges of the automountd service. By combining attacks exploiting these two vulnerabilities, a remote intruder is able to execute arbitrary commands with the privileges of the automountd service.
* NOTE: It may still be possible to cause rpc.statd to call other RPC services even after applying patches which reduce the privileges of rpc.statd. If there are additional vulnerabilities in other RPC services, an intruder may be able to exploit those vulnerabilities through rpc.statd.
* References:
  http://online.securityfocus.com/bid/450
  http://www.cert.org/advisories/CA-1999-05.html
Platforms Affected: Solaris 2.3, Solaris 2.4, Solaris 2.4 x86, Solaris 2.5, Solaris 2.5 x86, Solaris 2.5.1, Solaris 2.5.1 x86, Solaris 2.6, Solaris 2.6 x86 |
| Recommendation |
On hosts where NFS services are not needed, the RPC statd daemon should be disabled. Administrators of the affected computer should obtain and install the following patches from the Sun Patch Site, http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=secbull/186:
o Solaris 2.6: 106592-02
o Solaris 2.6_x86: 106593-02
o Solaris 2.5.1: 104166-04
o Solaris 2.5.1_x86: 104167-04
o Solaris 2.5: 103468-04
o Solaris 2.5_x86: 103469-05
o Solaris 2.4: 102769-07
o Solaris 2.4_x86: 102770-07
o Solaris 2.3: 102932-05 |
| Related URL | CVE-1999-0493 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
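
One way to verify the Recommendation on a host, as an added example that is not part of the original record or of any Sun tooling: it compares `showrev -p` style output against the minimum patch revisions listed above. The function names and the sample input are hypothetical, and it assumes that a higher revision of the same patch ID satisfies the requirement.

```shell
#!/bin/sh
# Added example. Patch IDs are copied from the Recommendation above;
# function names are hypothetical and the sample input is constructed.

# Minimum patch for a platform label as written in the record.
required_patch() {
    case "$1" in
        2.6)       echo 106592-02 ;;
        2.6_x86)   echo 106593-02 ;;
        2.5.1)     echo 104166-04 ;;
        2.5.1_x86) echo 104167-04 ;;
        2.5)       echo 103468-04 ;;
        2.5_x86)   echo 103469-05 ;;
        2.4)       echo 102769-07 ;;
        2.4_x86)   echo 102770-07 ;;
        2.3)       echo 102932-05 ;;
        *)         return 1 ;;
    esac
}

# Read `showrev -p` style lines on stdin and print ok, outdated or
# missing for the required patch given as ID-REV.
patch_status() {
    awk -v need="$1" '
        BEGIN { split(need, n, "-"); best = -1 }
        $1 == "Patch:" {
            split($2, p, "-")
            # Track the highest installed revision of the required ID.
            if (p[1] == n[1] && p[2] + 0 > best) best = p[2] + 0
        }
        END {
            if (best < 0) print "missing"
            else if (best < n[2] + 0) print "outdated"
            else print "ok"
        }'
}

# Constructed sample of `showrev -p` output (not from a real host).
sample_showrev() {
    cat <<'EOF'
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 106592-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
EOF
}

# On a real host: showrev -p | patch_status "$(required_patch 2.6)"
sample_showrev | patch_status "$(required_patch 2.6)"
```

A `missing` result can also mean the fix was delivered under a different patch ID that supersedes the listed one, which this check does not follow.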