Signature Detail
Short Name |
RPC:RPC.STATD:AUTOMOUNT-TLI |
|---|---|
Severity |
Info |
Recommended |
No |
Category |
RPC |
Keywords |
RPC.statd/automountd TLI Access |
Release Date |
2003/04/23 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
RPC: RPC.statd/automountd TLI Access
This signature detects an attempt to send an attack to automountd via statd. Automountd does not accept connections over TCP or UDP, but does over TLI. This can be exploited by sending a packet to statd, who then forwards it over TLI to automountd on the same host.
Extended Description
The rpc service rpc.statd, shipped with all major versions of Sun's solaris, is the status monitoring service for NFS file locking. The vulnerability lies in rpc.statd's ability to relay rpc calls to other rpc services without being validated by the access controls of the other rpc services. This can give the attacker the ability to redirect malicious rpc commands through rpc.statd (which runs as root) to services they may not normally have access to.
Affected Products
- Sun Solaris 2.3
- Sun Solaris 2.4
- Sun Solaris 2.4_x86
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.6
- Sun Solaris 2.6_x86
References
- BugTraq: 450
- CERT: CA-1996-09
- CVE: CVE-1999-0493
- URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-1999-0493
- URL: http://www.cert.org/advisories/CA-99-05-statd-automountd.html