SecurityTracker.com
Category:   OS (UNIX)  >   Rpcbind
Vendors:   Sun
Sun Solaris rpcbind Unspecified Flaw Lets Remote Users Terminate the Service
SecurityTracker Alert ID:  1006676
SecurityTracker URL:  http://securitytracker.com/id/1006676
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 29 2003
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Solaris 2.6, 7, 8, and 9
Description:   A denial of service vulnerability was reported in rpcbind(1M) for Sun Solaris. A remote user can cause the service to crash.

Sun reported that a remote user can cause rpcbind(1M) to be terminated. No further details were provided.

[Editor's note: This appears to be a separate and different flaw than the rpcbind bug reported in February 2003 in Alert ID 1006131.]

Impact:   A remote user could cause rpcbind to terminate, causing denial of service conditions for RPC services.
Solution:   Sun has issued the following fixes:

SPARC Platform

Solaris 2.6 with patch 105401-42 or later
Solaris 7 with patch 106942-25 or later
Solaris 8 with patch 108827-40 (patch 108827-40 has been obsoleted by patch 108993-18)
Solaris 8 with patch 108993-18 or later
Solaris 9 with patch 113319-07 or later

x86 Platform

Solaris 2.6 with patch 105402-42 or later
Solaris 7 with patch 106943-25 or later
Solaris 8 with patch 108828-40 (patch 108828-40 has been obsoleted by patch 108994-18)
Solaris 8 with patch 108994-18 or later
Solaris 9 with patch 113719-02 or later

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50922
Cause:   Not specified

Message History:   None.
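
One way to check a host against the fix list above (an added example, not part of the SecurityTracker alert or Sun's advisory). It assumes `showrev -p` prints one `Patch: <id>-<rev> ...` line per installed patch, that `uname -r` reports 5.6 through 5.9 for Solaris 2.6 through 9, and that `uname -p` reports `sparc` or `i386`; the function name `rpcbind_fix_status` is hypothetical.

```shell
#!/bin/sh
# Added example: compare `showrev -p` output with the advisory's fix list.
# Each row: <uname -r> <uname -p> <patch id> <minimum revision>
FIXES='5.6 sparc 105401 42
5.7 sparc 106942 25
5.8 sparc 108827 40
5.8 sparc 108993 18
5.9 sparc 113319 07
5.6 i386 105402 42
5.7 i386 106943 25
5.8 i386 108828 40
5.8 i386 108994 18
5.9 i386 113719 02'

# Usage on a host: showrev -p | rpcbind_fix_status "$(uname -r)" "$(uname -p)"
# Prints "patched <id>-<rev>" (exit 0), "vulnerable" (exit 1), or
# "unknown-platform" (exit 2) for a release/arch the advisory does not list.
rpcbind_fix_status() {
    rel=$1; arch=$2; known=no
    # Reduce "Patch: 108993-18 Obsoletes: ..." lines to "108993 18".
    installed=$(sed -n 's/^Patch: *\([0-9][0-9]*\)-\([0-9][0-9]*\).*/\1 \2/p')
    while read -r f_rel f_arch f_id f_min; do
        if [ "$f_rel" != "$rel" ] || [ "$f_arch" != "$arch" ]; then continue; fi
        known=yes
        # Compare revisions numerically in awk so "07" is treated as 7.
        hit=$(printf '%s\n' "$installed" | awk -v id="$f_id" -v min="$f_min" \
              '$1 == id && $2 + 0 >= min + 0 { print $1 "-" $2; exit }')
        if [ -n "$hit" ]; then echo "patched $hit"; return 0; fi
    done <<EOF
$FIXES
EOF
    if [ "$known" = no ]; then echo unknown-platform; return 2; fi
    echo vulnerable; return 1
}

# Constructed sample of `showrev -p` output (package name is illustrative):
# revision 17 is below the required 108993-18, so this prints "vulnerable".
SAMPLE='Patch: 108993-17 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'
printf '%s\n' "$SAMPLE" | rpcbind_fix_status 5.8 sparc || :
```

On Solaris 8 either the older patch (108827-40 / 108828-40) or its replacement (108993-18 / 108994-18 or later) satisfies the check, matching the two Solaris 8 rows per platform in the fix list.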


 Source Message Contents

Subject:  50922 rpcbind(1M) May be Terminated by Unprivileged Client Applications,


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50922

Sun issued Sun Alert 50922 warning of a flaw in rpcbind(1M).  A remote user can cause 
rpcbind to be terminated.

Solaris 2.6, 7, 8, and 9 are affected.


Sun has issued the following fixes:

SPARC Platform

Solaris 2.6 with patch 105401-42 or later
Solaris 7 with patch 106942-25 or later
Solaris 8 with patch 108827-40 (patch 108827-40 has been obsoleted by patch 108993-18)
Solaris 8 with patch 108993-18 or later
Solaris 9 with patch 113319-07 or later

x86 Platform

Solaris 2.6 with patch 105402-42 or later
Solaris 7 with patch 106943-25 or later
Solaris 8 with patch 108828-40 (patch 108828-40 has been obsoleted by patch 108994-18)
Solaris 8 with patch 108994-18 or later
Solaris 9 with patch 113719-02 or later



-----

Sun Alert ID: 50922
Synopsis: rpcbind(1M) May be Terminated by Unprivileged Client Applications, Leading to 
Denial of RPC Services
Category: Security
Product: Solaris
BugIDs: 4710928
Avoidance: Patch
State: Resolved
Date Released: 28-Apr-2003
Date Closed: 28-Apr-2003
Date Modified:


Copyright 2021, SecurityGlobal.net LLC