Alias(es)Rpc.Rwalld.Format.UDP, Rpc.Rwalld.Format.TCP |
Release DateJul 03, 2006 |
Severityhigh |
ImpactAttackers can execute arbitrary code on the system with root privileges. |
DescriptionThis indicates a format string vulnerability in Sun Solaris rwall daemon (rpc.rwalld).The rwall daemon is a utility in Sun Solaris that listens for remote wall requests on a network. There is a vulnerability in Solaris versions 2.6, 7, and 8 that allows remote attackers to execute arbitrary code on a target system by sending a specially-crafted string to rpc.rwalld. |
Affected ProductsAny unprotected Sun Solaris 2.6, 7 or 8 is vulnerable to the attack. |
Recommended ActionsApply appropriate patches from Sun and/or upgrade the program to the latest non-vulnerable version from the following URL:http://sunsolve.sun.com |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2002-0573 |
Reference/shttp://www.kb.cert.org/vuls/id/638099http://www.securityfocus.com/bid/4639 (BugTraq) http://www.cert.org/advisories/CA-2002-10.html |
