Signature Detail

Short Name	RPC:RWHOD:RWHOD-NULL-INJ
Severity	Critical
Recommended	No
Recommended Action	Drop
Category	RPC
Keywords	IN.rwhod Hostname NULL Byte Code Injection
Release Date	2004/12/13
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

RPC: IN.rwhod Hostname NULL Byte Code Injection

This signature detects a maliciously crafted IN.rwhod packet. By sending a packet containing a NULL byte in the Hostname field to the "rwhod" service, an attacker can execute arbitrary code on the server.

Extended Description

Sun Solaris in.rwhod(1M) daemon is reported prone to an unspecified vulnerability that may allow for remote code execution. The vendor disclosed this issue, however, no further details are currently available. If successfully exploited, this vulnerability can result in an attacker gaining superuser privileges on a vulnerable computer. This BID will be updated when more information becomes available.

Affected Products

Sun Solaris 7.0
Sun Solaris 7.0_x86
Sun Solaris 8 Sparc
Sun Solaris 8 X86
Sun Solaris 9 Sparc
Sun Solaris 9 X86

References

BugTraq: 11840
CVE: CVE-2004-1351
URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1
URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1775.html

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

RPC: IN.rwhod Hostname NULL Byte Code Injection

Extended Description

Affected Products

References