Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:638099
HistoryApr 30, 2002 - 12:00 a.m.

rpc.rwalld contains remotely exploitable format string vulnerability

2002-04-3000:00:00
www.kb.cert.org
24

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.842

Percentile

98.5%

JSON

Overview

rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon.

Description

rpc.rwalld is a utility that listens for remote wall requests. Wall is used to send a message to all terminals of a time sharing system. If the _wall _command cannot be executed, the rwall daemon will display an error message. A format string vulnerability exists in the code that displays the error message. An intruder may be able to consume system resources and prevent wall from executing. This would trigger the rwall daemon’s error message, which could permit the intruder to execute code with the privileges of the rwall daemon.

Impact

An intruder may be able to execute code with the privileges of the rwall daemon, typically root.

Solution

Apply patches from your vendor.

If no patches are available, disable the rwall daemon. If this is not an option, implement a firewall to limit access to rpc.rwalld (typically port 32777/UDP) as well as the rpc port mapper (typically port 111/TCP/UDP). Note that this will not mitigate all vectors of attack.

Vendor Information

638099

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Sun __ Affected

Notified: April 12, 2002 Updated: May 01, 2002

Status

Affected

Vendor Statement

Sun confirms that there is a format string vulnerability in rpc.rwalld(1M) which affects Solaris 2.5.1, 2.6, 7 and 8. However, this issue relies on a combination of events, including the exhaustion of system resources, which are difficult to control by a remote user in order to be exploited. Disabling rpc.rwalld(1M) in inetd.conf(4) is the recommended workaround until patches are available.

Sun is currently generating patches for this issue and will be releasing a Sun Security Bulletin once the patches are available. The bulletin will be available from:

<http://sunsolve.sun.com/security&gt;

Sun patches are available from:

<http://sunsolve.sun.com/securitypatch&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

rpc.rwalld is installed by default on Solaris 6, 7, and 8.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

Apple __ Not Affected

Notified: April 15, 2002 Updated: May 02, 2002

Status

Not Affected

Vendor Statement

Mac OS X does not contain rwall, and is not susceptible to the vulnerability described.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

BSDI __ Not Affected

Notified: April 15, 2002 Updated: April 15, 2002

Status

Not Affected

Vendor Statement

BSD/OS does not include an affected daemon in any version.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

Compaq Computer Corporation __ Not Affected

Notified: April 15, 2002 Updated: April 15, 2002

Status

Not Affected

Vendor Statement

Compaq Tru64 is NOT vulnerable to this reported problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

Cray __ Not Affected

Notified: April 15, 2002 Updated: April 15, 2002

Status

Not Affected

Vendor Statement

Cray, Inc. is not vulnerable since the affected code is not included in the rwalld implementation used in Unicos and Unicos/mk.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

FreeBSD __ Not Affected

Notified: April 15, 2002 Updated: April 17, 2002

Status

Not Affected

Vendor Statement

FreeBSD is not vulnerable to this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

Hewlett Packard __ Not Affected

Notified: April 15, 2002 Updated: May 01, 2002

Status

Not Affected

Vendor Statement

HP is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

IBM __ Not Affected

Notified: April 15, 2002 Updated: April 15, 2002

Status

Not Affected

Vendor Statement

IBM’s AIX operating system, versions 4.3.x and 5.1L, is not susceptible to the vulnerability described.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

NETBSD __ Not Affected

Notified: April 15, 2002 Updated: May 01, 2002

Status

Not Affected

Vendor Statement

NetBSD has never been vulnerable to this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

OpenBSD Not Affected

Notified: April 15, 2002 Updated: April 15, 2002

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

SGI Not Affected

Notified: April 15, 2002 Updated: April 15, 2002

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).

View all 11 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.bugtraq.org/advisories/GOBBLES-32.txt&gt;

Acknowledgements

This vulnerability was discovered and reported by GOBBLES.

This document was written by Jason Rafail.

Other Information

CVE IDs: CVE-2002-0573
CERT Advisory: CA-2002-10 Severity Metric:

Related

openvas 4
checkpoint_advisories 2
nvd 1
nessus 1
cvelist 1
cve 1
openvas
openvas
Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112875-01
2009-06-03 00:00:00
Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112875-01
2009-06-03 00:00:00
Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112846-01
2009-06-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Solaris rwalld Format String - Ver2 (CVE-2002-0573)
2014-01-07 00:00:00
Solaris rwalld Format String - Ver2 (CVE-2002-0573)
2014-02-03 00:00:00
nvd
nvd
CVE-2002-0573
2002-07-03 04:00:00
nessus
nessus
Solaris rpc.rwalld Remote Format String Arbitrary Code Execution
2002-05-02 00:00:00
cvelist
cvelist
CVE-2002-0573
2003-04-02 05:00:00
cve
cve
CVE-2002-0573
2003-04-02 05:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.842

Percentile

98.5%

JSON
Related for VU:638099
openvas4checkpoint_advisories2nvd1nessus1cvelist1cve1