Title: Solaris rpc.statd rpc Call Relaying Vulnerability
Severity: HIGH
Description:
The rpc service rpc.statd, shipped with all major versions of Sun's Solaris, is the status monitoring service for NFS file locking.
The vulnerability lies in rpc.statd's ability to relay rpc calls to other rpc services without being validated by the access controls of the other rpc services. This can give the attacker the ability to redirect malicious rpc commands through rpc.statd (which runs as root) to services they may not normally have access to.
In circumstances where rpc.statd is configured to run with lowered privileges, it may still be possible to exploit vulnerabilities in other RPC services.
Affected Products:
- Sun Solaris 2.3.0
- Sun Solaris 2.4.0
- Sun Solaris 2.4.0_x86
- Sun Solaris 2.5.0_x86
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1_x86
- Sun Solaris 2.6
- Sun Solaris 2.6_x86
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
