Solaris XDR RPC Request Handling RCE (April 2017 CPU) (EBBISLAND / EBBSHAVE)
Critical Nessus Plugin ID 103532
SynopsisThe remote Solaris host is affected by a remote code execution vulnerability.
DescriptionNessus was able to execute shellcode and run a system command on the remote Solaris host. Solaris 6, 7, 8, 9, and 10 are affected by a remote code execution vulnerability in the XDR RPC service due to an overflow condition caused by improper validation of user-supplied input when handling RPC requests. An unauthenticated, remote attacker can exploit this, via a specially crafted RPC request, to execute arbitrary code.
EBBISLAND / EBBSHAVE is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/08 by a group known as the Shadow Brokers.
SolutionUpgrade to Solaris 11 or later. Alternatively, upgrade to Solaris 10 Update 11, or upgrade to Solaris 10 and apply any kernel patch released after 2012/01/26.