Vulnerability Note VU#638099

rpc.rwalld contains remotely exploitable format string vulnerability

Original Release date: 30 Apr 2002 | Last revised: 02 May 2002

Overview

rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon.

Description

rpc.rwalld is a utility that listens for remote wall requests. Wall is used to send a message to all terminals of a time sharing system. If the wall command cannot be executed, the rwall daemon will display an error message. A format string vulnerability exists in the code that displays the error message. An intruder may be able to consume system resources and prevent wall from executing. This would trigger the rwall daemon's error message, which could permit the intruder to execute code with the privileges of the rwall daemon.

Impact

An intruder may be able to execute code with the privileges of the rwall daemon, typically root.

Solution

Apply patches from your vendor.

If no patches are available, disable the rwall daemon. If this is not an option, implement a firewall to limit access to rpc.rwalld (typically port 32777/UDP) as well as the rpc port mapper (typically port 111/TCP/UDP). Note that this will not mitigate all vectors of attack.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
SunAffected12 Apr 200201 May 2002
AppleNot Affected15 Apr 200202 May 2002
BSDINot Affected15 Apr 200215 Apr 2002
Compaq Computer CorporationNot Affected15 Apr 200215 Apr 2002
CrayNot Affected15 Apr 200215 Apr 2002
FreeBSDNot Affected15 Apr 200217 Apr 2002
Hewlett PackardNot Affected15 Apr 200201 May 2002
IBMNot Affected15 Apr 200215 Apr 2002
NETBSDNot Affected15 Apr 200201 May 2002
OpenBSDNot Affected15 Apr 200215 Apr 2002
SGINot Affected15 Apr 200215 Apr 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered and reported by GOBBLES.

This document was written by Jason Rafail.

Other Information

  • CVE IDs: Unknown
  • CERT Advisory: CA-2002-10
  • Date Public: 29 Apr 2002
  • Date First Published: 30 Apr 2002
  • Date Last Updated: 02 May 2002
  • Severity Metric: 22.44
  • Document Revision: 24

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.