Signature Detail
Short Name |
RPC:NULL-TADDR2UADDR |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
RPC |
Keywords |
Null taddr2uaddr Portmap Request |
Release Date |
2009/01/28 |
Update Number |
1360 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
RPC: Null taddr2uaddr Portmap Request
This signature detects attempts to exploit a known vulnerability against portmap. Avaya Proactive Contact 3.0, HP HP-UX B.11.11, HP HP-UX B.11.23, Sun Solaris 8, Sun Solaris 8 x86, Sun Solaris 9, Sun Solaris 9 x86 are vulnerable. A SUNRPC portmap 'taddr2uaddr' request is made with a null data value. A successful attack can result in a denial-of-service condition.
Extended Description
The Solaris operating system is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the 'rpcbind(1M)' server, denying service to legitimate users.
Affected Products
- Avaya Proactive Contact 3.0
- HP HP-UX B.11.11
- HP HP-UX B.11.23
- libtirpc 0.1.7
- Nortel Networks Self-Service - CCSS7
- Nortel Networks Self-Service MPS 100
- Nortel Networks Self-Service MPS 1000
- Nortel Networks Self-Service MPS 500
- Nortel Networks Self-Service Peri Application
- Nortel Networks Self-Service Peri CTX
- Nortel Networks Self-Service Peri Workstation
- Nortel Networks Self-Service Speech Server
- Red Hat Fedora 9
- Sun Solaris 8 Sparc
- Sun Solaris 8 X86
- Sun Solaris 9 Sparc
- Sun Solaris 9 X86
References
- BugTraq: 21964
- CVE: CVE-2007-0165