Solaris rpc.rwalld Remote Format String Arbitrary Code Execution

This script is Copyright (C) 2002-2014 Tenable Network Security, Inc.


Synopsis :

An RPC service is running.

Description :

The rpc.rwalld RPC service is running. Some versions of this server
allow an attacker to gain root access remotely by first exhausting the
resources of the remote host and then sending it a specially crafted
packet containing format strings.

Solaris 2.5.1, 2.6, 7, 8 and 9 are vulnerable to this issue. Other
operating systems might be affected as well.

Nessus did not check for this vulnerability, so this might be a false
positive.

Solution :

Deactivate this service.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: RPC

Nessus Plugin ID: 10950

Bugtraq ID: 4639

CVE ID: CVE-2002-0573