RPC: RPC.rwalld Error Message Format String Vulnerability (2)

This signature detects attempts to exploit the format string vulnerability in the error message generated by walld in Sun Solaris. Sun Solaris 8 and earlier versions are vulnerable. The rwall daemon (rpc.rwalld) listens for network wall requests and sends wall commands; if the rwall daemon cannot send the wall command, it displays an error message. A successful attack can cause the following conditions: consume system resources, prevent wall commands, trigger the rwall daemon error message, or execute commands with rwall daemon permissions (typically root).

Extended Description

Solaris is the freely available UNIX-derivative operating system developed and distributed by Sun Microsystems. A format-string vulnerability allows attackers to execute arbitrary code on vulnerable systems. When malicious format strings are sent from one system to another, an insecure 'syslog' call may allow a remote attacker to exploit the call to execute arbitrary code.

Affected Products

Sun solaris

Short Name
RPC:RPC.WALLD:WALLD-ERR-FTSTR-2
Severity
Minor
Recommended
False
Recommended Action
None
Category
RPC
Keywords
(2) CA-2002-10 CVE-2002-0573 Error Format Message RPC.rwalld String Vulnerability bid:4639
Release Date
01/28/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
UDP/32776-32780
False Positive
Unknown
Vendors

Sun

CVSS Score

7.5

Found a potential security threat?