Sun RPC XDR xdrmem_getbytes Function Remote Overflow

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.

Synopsis :

Arbitrary code may be run on the remote server.

Description :

The RPC library has an integer overflow in the function

An attacker may use this flaw to execute arbitrary code on this host
with the privileges your RPC programs are running with (typically root),
by sending a specially crafted request to them.

Note that this issue affects Solaris, as well as Red Hat Enterprise
Linux and Fedora.

Nessus used this flaw to crash the portmapper.

Solution :

Contact the vendor for a patch.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true

Family: RPC

Nessus Plugin ID: 11420

Bugtraq ID: 7123

CVE ID: CVE-2003-0028
