Vulnerability Note VU#638099
rpc.rwalld contains remotely exploitable format string vulnerability
Overview
rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon.
Description
rpc.rwalld is a utility that listens for remote wall requests. Wall is used to send a message to all terminals of a time sharing system. If the wall command cannot be executed, the rwall daemon will display an error message. A format string vulnerability exists in the code that displays the error message. An intruder may be able to consume system resources and prevent wall from executing. This would trigger the rwall daemon's error message, which could permit the intruder to execute code with the privileges of the rwall daemon. |
Impact
An intruder may be able to execute code with the privileges of the rwall daemon, typically root. |
Solution
Apply patches from your vendor. |
If no patches are available, disable the rwall daemon. If this is not an option, implement a firewall to limit access to rpc.rwalld (typically port 32777/UDP) as well as the rpc port mapper (typically port 111/TCP/UDP). Note that this will not mitigate all vectors of attack. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Sun | Affected | 12 Apr 2002 | 01 May 2002 |
| Apple | Not Affected | 15 Apr 2002 | 02 May 2002 |
| BSDI | Not Affected | 15 Apr 2002 | 15 Apr 2002 |
| Compaq Computer Corporation | Not Affected | 15 Apr 2002 | 15 Apr 2002 |
| Cray | Not Affected | 15 Apr 2002 | 15 Apr 2002 |
| FreeBSD | Not Affected | 15 Apr 2002 | 17 Apr 2002 |
| Hewlett Packard | Not Affected | 15 Apr 2002 | 01 May 2002 |
| IBM | Not Affected | 15 Apr 2002 | 15 Apr 2002 |
| NETBSD | Not Affected | 15 Apr 2002 | 01 May 2002 |
| OpenBSD | Not Affected | 15 Apr 2002 | 15 Apr 2002 |
| SGI | Not Affected | 15 Apr 2002 | 15 Apr 2002 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
Credit
This vulnerability was discovered and reported by GOBBLES.
This document was written by Jason Rafail.
Other Information
- CVE IDs: Unknown
- CERT Advisory: CA-2002-10
- Date Public: 29 Apr 2002
- Date First Published: 30 Apr 2002
- Date Last Updated: 02 May 2002
- Severity Metric: 22.44
- Document Revision: 24
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.