Vulnerability Note VU#944241
rpc.walld fails to properly validate messages before broadcasting to clients
A vulnerability in rpc.walld may allow local users to forge wall messages. An exploit exists for this vulnerability and is publicly available.
From the rpc.walld man page:
The wall command reads the named file, or, if no filename appears, it reads the standard input until an end-of-file. It then sends this message to all currently logged-in users preceded by:
This vulnerability may allow local attackers to forge wall messages, which may enable them to trick victims into divulging sensitive information such as user credentials.
Apply a patch from your vendor.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Hewlett-Packard Company | Affected | 30 Apr 2003 | 08 May 2003 |
| Sun Microsystems Inc. | Affected | 30 Apr 2003 | 04 May 2003 |
| Apple Computer Inc. | Not Affected | 30 Apr 2003 | 01 May 2003 |
| Cray Inc. | Not Affected | 30 Apr 2003 | 30 Apr 2003 |
| Foundry Networks Inc. | Not Affected | 30 Apr 2003 | 07 May 2003 |
| Fujitsu | Not Affected | 30 Apr 2003 | 22 May 2003 |
| Hitachi | Not Affected | 30 Apr 2003 | 08 May 2003 |
| IBM | Not Affected | 30 Apr 2003 | 05 May 2003 |
| Ingrian Networks | Not Affected | 30 Apr 2003 | 02 May 2003 |
| NEC Corporation | Not Affected | 30 Apr 2003 | 16 May 2003 |
| Netscreen | Not Affected | 30 Apr 2003 | 30 Apr 2003 |
| Network Appliance | Not Affected | 30 Apr 2003 | 01 May 2003 |
| Red Hat Inc. | Not Affected | 30 Apr 2003 | 02 May 2003 |
| Xerox Corporation | Not Affected | 30 Apr 2003 | 30 May 2003 |
| 3Com | Unknown | 30 Apr 2003 | 30 Apr 2003 |
This vulnerability was discovered by Brant Roman.
This document was written by Ian A Finlay.
- CVE IDs: Unknown
- Date Public: 03 Jan 2003
- Date First Published: 30 Apr 2003
- Date Last Updated: 21 Oct 2003
- Severity Metric: 2.81
- Document Revision: 8