Synopsis
Arbitrary code may be run on the remote server.
Description
The RPC library has an integer overflow in the function xdrmem_getbytes().
By sending a specially crafted request to the RPC programs on this host, an attacker may use this flaw to execute arbitrary code with the privileges those programs run with (typically root).
Note that this issue affects Solaris, as well as Red Hat Enterprise Linux and Fedora.
Nessus used this flaw to crash the portmapper.
Solution
Contact the vendor for a patch.
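An added illustration of the bug class named in the description, not the RPC library's source and not part of the original advisory: a length check that subtracts first and tests the sign afterwards lets a very large length wrap past it, while comparing before subtracting does not. The `memstream` struct and all function names are hypothetical, and a 32-bit `unsigned int` is assumed.

```c
#include <limits.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical in-memory decode stream (not the RPC library's own type). */
struct memstream {
    const unsigned char *cur;   /* next unread byte */
    unsigned int remaining;     /* bytes left in the buffer */
};

/* Weak pattern: compute remaining - len, then treat the result as signed
 * and reject only if it looks negative. Only the decision is modelled
 * here; nothing is copied. */
bool weak_check_allows(unsigned int remaining, unsigned int len)
{
    unsigned int after = remaining - len;   /* wraps modulo 2^32 */
    /* "negative" as a signed value means the top bit is set */
    return after <= (unsigned int)INT_MAX;
}

/* Hardened pattern: compare before subtracting, so no wrap can occur,
 * and leave the stream untouched when the request is refused. */
bool stream_getbytes(struct memstream *s, void *dst, unsigned int len)
{
    if (len > s->remaining)
        return false;
    memcpy(dst, s->cur, len);
    s->cur += len;
    s->remaining -= len;
    return true;
}

int main(void)
{
    unsigned char buf[16] = {0x41, 0x42};   /* constructed sample data */
    unsigned char out[16];
    struct memstream s = { buf, sizeof buf };

    /* A small overrun is caught by the weak check... */
    bool small = weak_check_allows(16, 32);          /* false */
    /* ...but a length near UINT_MAX wraps to a small positive value. */
    bool huge = weak_check_allows(16, 0xFFFFFFF0u);  /* true */
    /* The hardened reader refuses the same length. */
    bool safe = stream_getbytes(&s, out, 0xFFFFFFF0u);
    return (!small && huge && !safe) ? 0 : 1;
}
```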