Vulnerabilities > CVE-2008-3870 - Numeric Errors vulnerability in SUN Solaris 8.0/9.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
sun
CWE-189
critical
nessus

Summary

Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.

Vulnerable Configurations

Part Description Count
OS
Sun
4

Common Weakness Enumeration (CWE)

Nessus

NASL familySolaris Local Security Checks
NASL idSOLARIS8_116455.NASL
descriptionSunOS 5.8: Solaris sadmind default securit. Date this patch was last updated by Sun : Feb/06/04
last seen2020-06-01
modified2020-06-02
plugin id13405
published2004-07-12
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/13405
titleSolaris 8 (sparc) : 116455-01

Oval

accepted2010-09-20T04:00:32.984-04:00
classvulnerability
contributors
  • namePai Peng
    organizationHewlett-Packard
  • nameJonathan Baker
    organizationThe MITRE Corporation
definition_extensions
  • commentSolaris 8 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1539
  • commentSolaris 9 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1457
  • commentSolaris 8 (x86) is installed
    ovaloval:org.mitre.oval:def:2059
  • commentSolaris 9 (x86) is installed
    ovaloval:org.mitre.oval:def:1683
descriptionInteger overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.
familyunix
idoval:org.mitre.oval:def:6092
statusaccepted
submitted2009-05-28T13:34:47.000-04:00
titleInteger Overflow Vulnerability in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution
version37

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 35083 CVE(CAN) ID: CVE-2008-3869,CVE-2008-3870 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris的sadmind守护程序在为入站的sadmind请求分配内存时存在整数溢出,在解码某些请求参数时存在堆溢出。如果远程攻击者提交了畸形的RPC请求的话,就可以触发这些溢出,导致以root用户权限执行任意代码。 Sun Solaris 9.0_x86 Sun Solaris 9.0 Sun Solaris 8.0_x86 Sun Solaris 8.0 临时解决方法: 如下禁用sadmind(1M): 1. 以root用户编辑/etc/inetd.conf文件,注释掉如下的sadmind(1M)项: #100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind 2. 使用以下命令重启inetd(1M)进程,重新读取修改过的/etc/inetd.conf文件: # /usr/bin/pkill -HUP inetd 厂商补丁: Sun --- Sun已经为此发布了一个安全公告(Sun-Alert-259468)以及相应补丁: Sun-Alert-259468:Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution 链接:<a href="http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-259468-1" target="_blank" rel=external nofollow>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-259468-1</a>
idSSV:11414
last seen2017-11-19
modified2009-05-25
published2009-05-25
reporterRoot
titleSun Solaris sadmind守护程序多个远程溢出漏洞