CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.5%
rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon.
rpc.rwalld is a utility that listens for remote wall requests. Wall is used to send a message to all terminals of a time sharing system. If the _wall _command cannot be executed, the rwall daemon will display an error message. A format string vulnerability exists in the code that displays the error message. An intruder may be able to consume system resources and prevent wall from executing. This would trigger the rwall daemon’s error message, which could permit the intruder to execute code with the privileges of the rwall daemon.
An intruder may be able to execute code with the privileges of the rwall daemon, typically root.
Apply patches from your vendor.
If no patches are available, disable the rwall daemon. If this is not an option, implement a firewall to limit access to rpc.rwalld (typically port 32777/UDP) as well as the rpc port mapper (typically port 111/TCP/UDP). Note that this will not mitigate all vectors of attack.
638099
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: April 12, 2002 Updated: May 01, 2002
Affected
Sun confirms that there is a format string vulnerability in rpc.rwalld(1M) which affects Solaris 2.5.1, 2.6, 7 and 8. However, this issue relies on a combination of events, including the exhaustion of system resources, which are difficult to control by a remote user in order to be exploited. Disabling rpc.rwalld(1M) in inetd.conf(4) is the recommended workaround until patches are available.
Sun is currently generating patches for this issue and will be releasing a Sun Security Bulletin once the patches are available. The bulletin will be available from:
<http://sunsolve.sun.com/security>
Sun patches are available from:
<http://sunsolve.sun.com/securitypatch>
The vendor has not provided us with any further information regarding this vulnerability.
rpc.rwalld is installed by default on Solaris 6, 7, and 8.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: May 02, 2002
Not Affected
Mac OS X does not contain rwall, and is not susceptible to the vulnerability described.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
BSD/OS does not include an affected daemon in any version.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
Compaq Tru64 is NOT vulnerable to this reported problem.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
Cray, Inc. is not vulnerable since the affected code is not included in the rwalld implementation used in Unicos and Unicos/mk.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: April 17, 2002
Not Affected
FreeBSD is not vulnerable to this problem.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: May 01, 2002
Not Affected
HP is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
IBM’s AIX operating system, versions 4.3.x and 5.1L, is not susceptible to the vulnerability described.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: May 01, 2002
Not Affected
NetBSD has never been vulnerable to this problem.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23638099 Feedback>).
View all 11 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.bugtraq.org/advisories/GOBBLES-32.txt>
This vulnerability was discovered and reported by GOBBLES.
This document was written by Jason Rafail.
CVE IDs: | CVE-2002-0573 |
---|---|
CERT Advisory: | CA-2002-10 Severity Metric: |