Signature Detail

RPC: RPC.rwalld Error Message Format String Vulnerability (2)

This signature detects attempts to exploit the format string vulnerability in the error message generated by walld in Sun Solaris. Sun Solaris 8 and earlier versions are vulnerable. The rwall daemon (rpc.rwalld) listens for network wall requests and sends wall commands; if the rwall daemon cannot send the wall command, it displays an error message. A successful attack can cause the following conditions: consume system resources, prevent wall commands, trigger the rwall daemon error message, or execute commands with rwall daemon permissions (typically root).

Extended Description

Solaris is the freely available UNIX-derivative operating system developed and distributed by Sun Microsystems. A format-string vulnerability allows attackers to execute arbitrary code on vulnerable systems. When malicious format strings are sent from one system to another, an insecure 'syslog' call may allow a remote attacker to exploit the call to execute arbitrary code.

Affected Products

• Sun Solaris 2.5.1
• Sun Solaris 2.5.1_x86
• Sun Solaris 2.6
• Sun Solaris 2.6_x86
• Sun Solaris 7.0
• Sun Solaris 7.0_x86
• Sun Solaris 8 Sparc
• Sun Solaris 8 X86
• Sun Solaris 9 Sparc

References

• BugTraq: 4639
• CERT: CA-2002-10
• CVE: CVE-2002-0573
• URL: http://www.kb.cert.org/vuls/id/638099
• URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-44502-1