Vulnerability Note VU#944241

rpc.walld fails to properly validate messages before broadcasting to clients

Original Release date: 30 Apr 2003 | Last revised: 21 Oct 2003

Overview

A vulnerability in rpc.walld may allow local users to forge wall messages. An exploit exists for this vulnerability and is publically available.

Description

From the rpc.walld man page:

    The wall command reads the named file, or, if no filename appears, it reads the standard input until an end-of-file. It then sends this message to all currently logged-in users preceded by:
    Broadcast Message from source . . .
    The command is used to warn all users, typically before shutting down the system.

A vulnerability in rpc.walld may allow local attackers to forge wall messages, which may enable them to trick victims into divulging sensitive information such as user credentials. For more detailed information, please see the following documents.

Impact

This vulnerability may allow local attackers to forge wall messages, which may enable them to trick victims into divulging sensitive information such as user credentials.

Solution

Apply a patch from your vendor.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected30 Apr 200308 May 2003
Sun Microsystems Inc.Affected30 Apr 200304 May 2003
Apple Computer Inc.Not Affected30 Apr 200301 May 2003
Cray Inc.Not Affected30 Apr 200330 Apr 2003
Foundry Networks Inc.Not Affected30 Apr 200307 May 2003
FujitsuNot Affected30 Apr 200322 May 2003
HitachiNot Affected30 Apr 200308 May 2003
IBMNot Affected30 Apr 200305 May 2003
Ingrian NetworksNot Affected30 Apr 200302 May 2003
NEC CorporationNot Affected30 Apr 200316 May 2003
NetscreenNot Affected30 Apr 200330 Apr 2003
Network ApplianceNot Affected30 Apr 200301 May 2003
Red Hat Inc.Not Affected30 Apr 200302 May 2003
Xerox CorporationNot Affected30 Apr 200330 May 2003
3ComUnknown30 Apr 200330 Apr 2003
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by Brant Roman.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 03 Jan 2003
  • Date First Published: 30 Apr 2003
  • Date Last Updated: 21 Oct 2003
  • Severity Metric: 2.81
  • Document Revision: 8

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.