Sun Solaris rpc.rwalld format string

solaris-rwall-format-string (8971)

High Risk

Description:

Sun Solaris could allow a remote attacker to execute arbitrary code on the system, caused by a format string vulnerability in the rwall daemon (rpc.rwalld). The rwall daemon is a utility that listens for remote wall requests on a network. A remote attacker could send a specially-crafted format string to rwall to exploit an insecure syslog() call that would allow the attacker to execute arbitrary code on the system with root privileges.

Platforms Affected:

• Sun, Solaris 2.6
• Sun, Solaris 7.0
• Sun, Solaris 8
• Sun, Solaris 9

Remedy:

Apply the appropriate patch for your system, as listed in Sun Alert ID: 44502. See References.

Consequences:

Gain Access

References:

• CERT Advisory CA-2002-10, Format String Vulnerability in rpc.rwalld at http://www.cert.org/advisories/CA-2002-10.html.
• Gobbles Security Advisory #32, Remote Root Hole in Default Solaris Installation at http://cert.uni-stuttgart.de/archive/vulnwatch/2002/04/msg00050.html.
• Sun Alert ID: 44502, Security Vulnerability in the rpc.rwalld(1M) Daemon at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44502&zone_32=category%3Asecurity.
• BID-4639: Sun Solaris RWall Daemon Syslog Format String Vulnerability
• CVE-2002-0573: Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
• OSVDB ID: 778: Solaris rpc.rwalld Remote Format String Arbitrary Code Execution
• US-CERT VU#638099: rpc.rwalld contains remotely exploitable format string vulnerability

Reported:

Apr 30, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page