Vulnerabilities > CVE-2008-3870 - Numeric Errors vulnerability in SUN Solaris 8.0/9.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS8_116455.NASL |
description | SunOS 5.8: Solaris sadmind default securit. Date this patch was last updated by Sun : Feb/06/04 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13405 |
published | 2004-07-12 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13405 |
title | Solaris 8 (sparc) : 116455-01 |
Oval
accepted | 2010-09-20T04:00:32.984-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
definition_extensions |
| ||||||||||||||||
description | Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. | ||||||||||||||||
family | unix | ||||||||||||||||
id | oval:org.mitre.oval:def:6092 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2009-05-28T13:34:47.000-04:00 | ||||||||||||||||
title | Integer Overflow Vulnerability in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution | ||||||||||||||||
version | 37 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 35083 CVE(CAN) ID: CVE-2008-3869,CVE-2008-3870 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris的sadmind守护程序在为入站的sadmind请求分配内存时存在整数溢出,在解码某些请求参数时存在堆溢出。如果远程攻击者提交了畸形的RPC请求的话,就可以触发这些溢出,导致以root用户权限执行任意代码。 Sun Solaris 9.0_x86 Sun Solaris 9.0 Sun Solaris 8.0_x86 Sun Solaris 8.0 临时解决方法: 如下禁用sadmind(1M): 1. 以root用户编辑/etc/inetd.conf文件,注释掉如下的sadmind(1M)项: #100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind 2. 使用以下命令重启inetd(1M)进程,重新读取修改过的/etc/inetd.conf文件: # /usr/bin/pkill -HUP inetd 厂商补丁: Sun --- Sun已经为此发布了一个安全公告(Sun-Alert-259468)以及相应补丁: Sun-Alert-259468:Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution 链接:<a href="http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-259468-1" target="_blank" rel=external nofollow>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-259468-1</a> |
id | SSV:11414 |
last seen | 2017-11-19 |
modified | 2009-05-25 |
published | 2009-05-25 |
reporter | Root |
title | Sun Solaris sadmind守护程序多个远程溢出漏洞 |
References
- http://secunia.com/advisories/32473
- http://secunia.com/advisories/35191
- http://secunia.com/secunia_research/2008-47/
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm
- http://www.osvdb.org/54668
- http://www.securityfocus.com/archive/1/503772/100/0/threaded
- http://www.securityfocus.com/bid/35083
- http://www.securitytracker.com/id?1022275
- http://www.vupen.com/english/advisories/2009/1409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50706
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6092