Vulnerabilities > CVE-2002-1265 - Denial Of Service vulnerability in Multiple Vendor Sun RPC LibC TCP Time-Out

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

gnu

sgi

apple

nessus

NVD

Published: 2002-11-12

Updated: 2017-10-10

Summary

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Glibc 2.0 GNU Glibc 2.0.1 GNU Glibc 2.0.2 GNU Glibc 2.0.3 GNU Glibc 2.0.4 GNU Glibc 2.0.5 GNU Glibc 2.0.6 GNU Glibc 2.1 GNU Glibc 2.1.1 GNU Glibc 2.1.1.6 GNU Glibc 2.1.2 GNU Glibc 2.1.3 GNU Glibc 2.1.3.10 GNU Glibc 2.2 GNU Glibc 2.2.1 GNU Glibc 2.2.2 GNU Glibc 2.2.3 GNU Glibc 2.2.4 GNU Glibc 2.2.5 GNU Glibc 2.3	20
OS	Sgi SGI Irix 2.3.1 SGI Irix 6.5 SGI Irix 6.5.1 SGI Irix 6.5.2 SGI Irix 6.5.3 SGI Irix 6.5.4 SGI Irix 6.5.5 SGI Irix 6.5.6 SGI Irix 6.5.7 SGI Irix 6.5.8 SGI Irix 6.5.9 SGI Irix 6.5.10 SGI Irix 6.5.11 SGI Irix 6.5.12 SGI Irix 6.5.13 SGI Irix 6.5.14F SGI Irix 6.5.14M SGI Irix 6.5.15F SGI Irix 6.5.15M SGI Irix 6.5.16F SGI Irix 6.5.16M SGI Irix 6.5.17F SGI Irix 6.5.17M	23
OS	Apple Apple MAC OS X 10.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.1 Apple MAC OS X Server 10.0 Apple MAC OS X Server 10.2 Apple MAC OS X Server 10.2.1	16

Nessus

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_30090.NASL
description	s700_800 11.23 libnsl cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	16725
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16725
title	HP-UX PHNE_30090 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHKL_31500.NASL
description	s700_800 11.23 Sept04 base patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS). (HPSBUX01020 SSRT2384) - A potential vulnerability has been identified in HP-UX running the Veritas File System (VxFS) that may allow a local authorized user access to unauthorized data. - A potential security vulnerability has been identified with HP-UX running TCP/IP. The potential vulnerability could be exploited remotely to cause a Denial of Service (DoS). (HPSBUX02087 SSRT4728) - A potential security vulnerability has been found in HP-UX running rpc.ypupdated. The vulnerability could be exploited to allow remote unauthorized access. (HPSBUX01002 SSRT4688)
last seen	2020-06-01
modified	2020-06-02
plugin id	17400
published	2005-03-18
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17400
title	HP-UX PHKL_31500 : s700_800 11.23 Sept04 base patch

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_29211.NASL
description	s700_800 11.11 ONC/NFS General Release/Performance Patch : The remote HP-UX host is affected by multiple vulnerabilities : - The error messages returned by rpc.mountd can be used to determine whether a file exists. (HPSBUX00272 SSRT3596) - A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS). (HPSBUX01020 SSRT2384)
last seen	2020-06-01
modified	2020-06-02
plugin id	16928
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16928
title	HP-UX PHNE_29211 : s700_800 11.11 ONC/NFS General Release/Performance Patch

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_29210.NASL
description	s700_800 11.00 ONC/NFS General Release/Performance Patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS). (HPSBUX01020 SSRT2384) - The error messages returned by rpc.mountd can be used to determine whether a file exists. (HPSBUX00272 SSRT3596)
last seen	2020-06-01
modified	2020-06-02
plugin id	16929
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16929
title	HP-UX PHNE_29210 : s700_800 11.00 ONC/NFS General Release/Performance Patch

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_30091.NASL
description	s700_800 11.23 NIS/NIS+ cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	56836
published	2012-03-06
reporter	This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/56836
title	HP-UX PHNE_30091 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_30094.NASL
description	s700_800 11.23 NFS cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	56839
published	2012-03-06
reporter	This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/56839
title	HP-UX PHNE_30094 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_30092.NASL
description	s700_800 11.23 RPC commands and daemons cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	56837
published	2012-03-06
reporter	This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/56837
title	HP-UX PHNE_30092 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_29449.NASL
description	s700_800 11.22 ONC/NFS General Release/Performance Patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS). (HPSBUX01020 SSRT2384) - Potential buffer overflow in XDR library. (HPSBUX00215 SSRT2336) - Potential buffer overflow in xdrmem_getbytes() and related functions. (HPSBUX00252 SSRT2439) - The error messages returned by rpc.mountd can be used to determine whether a file exists. (HPSBUX00272 SSRT3596)
last seen	2020-06-01
modified	2020-06-02
plugin id	16911
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16911
title	HP-UX PHNE_29449 : s700_800 11.22 ONC/NFS General Release/Performance Patch

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_30808.NASL
description	s700_800 11.04 (VVOS) ONC/NFS General Release/Perf Patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	16607
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16607
title	HP-UX PHNE_30808 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_30093.NASL
description	s700_800 11.23 Lock Manager cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
last seen	2020-06-01
modified	2020-06-02
plugin id	56838
published	2012-03-06
reporter	This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/56838
title	HP-UX PHNE_30093 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)

Oval

accepted

2005-06-01T03:30:00.000-04:00

class

vulnerability

contributors

name	Brian Soby
organization	The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:2248

status

accepted

submitted

2005-04-13T12:00:00.000-04:00

title

Sun RPC No Timeout Denial of Service on TCP Ports

version

Summary

Vulnerable Configurations

Nessus

Oval

References