Title: RWhoIsD System Log Format String Vulnerability
Severity: HIGH
Description:
Rwhosid is a RWHOIS daemon provided by Network Solutions. RWHOIS is a protocol for remote listing of user name, login time, elapsed time online and other pertinent data for users connected to all machines on a network.
When the option "set use-syslog: YES" is present in the rwhoisd.conf file, messages are logged to the syslog file. This option is enabled by default.
When remote requests are logged through the syslog function, the format string used contains user supplied input. A maliciously created string which contains format modifiers may cause data contained on the stack to be logged, or overwrite arbitrary locations in memory. It is possible this could alter the execution of the process, and lead to arbitrary instructions being executed by rwhoisd.
Affected Products:
- Network Solutions rwhoisd 1.5.0
- Network Solutions rwhoisd 1.5.1a
- Network Solutions rwhoisd 1.5.2
- Network Solutions rwhoisd 1.5.3
- Network Solutions rwhoisd 1.5.5
- Network Solutions rwhoisd 1.5.6
- Network Solutions rwhoisd 1.5.7
- Network Solutions rwhoisd 1.5.7.1
References:
- alert7 <alert7@netguard.com.cn>: NSI Rwhoisd another Remote Format String Vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
