NSI RWhoisd contains format string vulnerability in print_error()

2001-10-29T00:00:00
ID VU:825275
Type cert
Reporter CERT
Modified 2001-10-29T00:00:00

Description

Overview

A remotely exploitable format string vulnerability exists in the Referral Whois server daemon (RWhoisd).

Description

As the Internet has grown, the centralized whois database was not able to scale. In order to deal with scaling the whois system, Referral Whois was developed. Referral Whois uses a de-centralized approach to housing and distributing the whois data.

Quoting from RFC 2167:

RWhois provides a distributed system for the discovery,retrieval, and maintenance of directory information. This system is primarily hierarchical by design. It allows for the deterministic routing of a query based on hierarchical tags, referring the user closer to the maintainer of the information. While RWhois can be considered a generic directory services protocol, it distinguishes itself from other protocols by providing an integrated, hierarchical architecture and query routing mechanism.

Because of a format string vulnerability in the print_error() function in the RWhois server code, an attacker can send specially crafted data to the RWhois server and overwrite certain areas of memory.


Impact

Exploitation of this vulnerability may lead to arbitrary code being executed with the privileges of the user running RWhoisd. The RWhois server can run as an unpriviledged user or root. These options are specified in the RWhois server configuration file.


Solution

Obtain a patch from your vendor.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Arin| | 25 Oct 2001| 29 Oct 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.securityfocus.com/bid/3474>

Credit

This document was written by Ian Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 25 Oct 2001
  • Date First Published: 29 Oct 2001
  • Date Last Updated: 29 Oct 2001
  • Severity Metric: 13.39
  • Document Revision: 32