Sun RPC XDR xdrmem_getbytes Function Remote Overflow

Critical Nessus Plugin ID 11420

Synopsis

Arbitrary code may be run on the remote server.

Description

The RPC library has an integer overflow in the function xdrmem_getbytes().

An attacker may use this flaw to execute arbitrary code on this host with the privileges your RPC programs are running with (typically root), by sending a specially crafted request to them.

Note that this issue affects Solaris, as well as Red Hat Enterprise Linux and Fedora.

Nessus used this flaw to crash the portmapper.

Solution

Contact the vendor for a patch.

Plugin Details

Severity: Critical

ID: 11420

File Name: rpc_xdrmem_bytes.nasl

Version: $Revision: 1.28 $

Type: remote

Family: RPC

Published: 2003/03/19

Modified: 2016/05/19

Dependencies: 10223

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: rpc/portmap, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/03/19

Reference Information

CVE: CVE-2003-0028, CVE-2013-1950

BID: 7123, 59365

CERT-CC: CA-2003-10

EDB-ID: 26887