rpc.rwalld contains remotely exploitable format string vulnerability

2002-04-30T00:00:00
ID VU:638099
Type cert
Reporter CERT
Modified 2002-05-02T00:00:00

Description

Overview

rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon.

Description

rpc.rwalld is a utility that listens for remote wall requests. Wall is used to send a message to all terminals of a time sharing system. If the _wall_ command cannot be executed, the rwall daemon will display an error message. A format string vulnerability exists in the code that displays the error message. An intruder may be able to consume system resources and prevent wall from executing. This would trigger the rwall daemon's error message, which could permit the intruder to execute code with the privileges of the rwall daemon.


Impact

An intruder may be able to execute code with the privileges of the rwall daemon, typically root.


Solution

Apply patches from your vendor.


If no patches are available, disable the rwall daemon. If this is not an option, implement a firewall to limit access to rpc.rwalld (typically port 32777/UDP) as well as the rpc port mapper (typically port 111/TCP/UDP). Note that this will not mitigate all vectors of attack.
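The port above is only "typical" because rpc.rwalld registers its port with the port mapper, so a filter rule should be based on the actual registration. The shell check below is an added example, not part of the CERT note: it reads `rpcinfo -p` output and reports where the rwall RPC program (number 100008, service name walld) is registered. The sample input is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `rpcinfo -p` output for an rwall daemon registration.
# 100008 is the ONC RPC program number assigned to walld (rwall).
RWALL_PROG=100008

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100008    1   udp  32777  walld
    100002    2   udp  32775  rusersd
EOF
}

# Read `rpcinfo -p` output on stdin and print one "proto/port" line per
# registration of the rwall program. Matching on the program number rather
# than the service name still works when /etc/rpc has no name for the entry.
# Several versions on the same port are collapsed into one line.
# Returns 0 if rwalld is registered, 1 if it is not.
find_rwalld() {
    regs=$(awk -v prog="$RWALL_PROG" \
        '$1 == prog && $4 ~ /^[0-9]+$/ { print $3 "/" $4 }' | sort -u)
    [ -n "$regs" ] || return 1
    printf '%s\n' "$regs"
}

# Report the finding. Returns 1 when the daemon is registered, so the
# function can gate a hardening script or a monitoring check.
audit_rwalld() {
    if found=$(find_rwalld); then
        for r in $found; do
            echo "EXPOSED: rpc.rwalld registered on $r; disable it or filter $r and port 111"
        done
        return 1
    fi
    echo "OK: rpc.rwalld (program $RWALL_PROG) is not registered"
}

# Demo on the constructed sample; on a real host use: rpcinfo -p | audit_rwalld
sample_rpcinfo | audit_rwalld || true
```

As the advisory notes, filtering these ports does not mitigate all vectors of attack, so a host reported as exposed should still be patched or have the daemon disabled.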


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Sun| | 12 Apr 2002| 01 May 2002
Apple| | 15 Apr 2002| 02 May 2002
BSDI| | 15 Apr 2002| 15 Apr 2002
Compaq Computer Corporation| | 15 Apr 2002| 15 Apr 2002
Cray| | 15 Apr 2002| 15 Apr 2002
FreeBSD| | 15 Apr 2002| 17 Apr 2002
Hewlett Packard| | 15 Apr 2002| 01 May 2002
IBM| | 15 Apr 2002| 15 Apr 2002
NETBSD| | 15 Apr 2002| 01 May 2002
OpenBSD| | 15 Apr 2002| 15 Apr 2002
SGI| | 15 Apr 2002| 15 Apr 2002

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.bugtraq.org/advisories/GOBBLES-32.txt>

Credit

This vulnerability was discovered and reported by GOBBLES.

This document was written by Jason Rafail.

Other Information

  • CVE IDs: Unknown
  • CERT Advisory: CA-2002-10
  • Date Public: 29 Apr 2002
  • Date First Published: 30 Apr 2002
  • Date Last Updated: 02 May 2002
  • Severity Metric: 22.44
  • Document Revision: 24