Vulnerabilities > CVE-2002-0573 - Unspecified vulnerability in SUN Solaris and Sunos
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 6 |
Nessus
| NASL family | RPC |
| NASL id | RWALLD_FORMAT_STRING.NASL |
| description | The rpc.walld RPC service is running. Some versions of this server allow an attacker to gain root access remotely, by consuming the resources of the remote host then sending a specially formed packet with format strings to this host. Solaris 2.5.1, 2.6, 7, 8 and 9 are vulnerable to this issue. Other operating systems might be affected as well. Nessus did not check for this vulnerability, so this might be a false positive. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10950 |
| published | 2002-05-02 |
| reporter | This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/10950 |
| title | Solaris rpc.rwalld Remote Format String Arbitrary Code Execution |
Oval
accepted 2010-09-20T04:00:22.248-04:00 class vulnerability contributors name David Proulx organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed. family unix id oval:org.mitre.oval:def:41 status accepted submitted 2003-01-30T12:00:00.000-04:00 title Solaris 7 RWall Daemon Syslog Format String Vulnerability version 37 accepted 2010-09-20T04:00:36.762-04:00 class vulnerability contributors name David Proulx organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed. family unix id oval:org.mitre.oval:def:79 status accepted submitted 2003-01-30T12:00:00.000-04:00 title Solaris 8 RWall Daemon Syslog Format String Vulnerability version 37
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0049.html
- http://online.securityfocus.com/archive/1/270268
- http://www.cert.org/advisories/CA-2002-10.html
- http://www.iss.net/security_center/static/8971.php
- http://www.kb.cert.org/vuls/id/638099
- http://www.osvdb.org/778
- http://www.securityfocus.com/bid/4639
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A41
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A79