Sun's NFS/RPC cachefs daemon (cachefsd) is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel architectures). Cachefsd caches requests for operations on remote file systems mounted using the NFS protocol. A remotely exploitable heap overflow exists in cachefsd that could permit a remote attacker to execute arbitrary code with the privileges of the cachefsd process, typically root.
A remotely exploitable heap overflow exists in the cachefsd program shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel architectures). A remote attacker can send a crafted RPC request to the cachefsd program to remotely exploit the vulnerability.
Logs of exploitation attempts may resemble the following:
A remote attacker can execute code with the privileges of the cachefsd process, typically root.
The CERT/CC is currently unaware of patches for this problem.
According to a Sun Alert Notification, a workaround is as follows:
The CERT/CC acknowledges the Last Stage of Delirium Team for discovering and reporting on this vulnerability and thanks Sun Microsystems for their technical assistance.