Sun RPC XDR xdrmem_getbytes Function Remote Overflow

critical Nessus Plugin ID 11420

Language:

Synopsis

Arbitrary code may be run on the remote server.

Description

The RPC library has an integer overflow in the function xdrmem_getbytes().

An attacker may use this flaw to execute arbitrary code on this host with the privileges your RPC programs are running with (typically root), by sending a specially crafted request to them.

Note that this issue affects Solaris, as well as Red Hat Enterprise Linux and Fedora.

Nessus used this flaw to crash the portmapper.

Solution

Contact the vendor for a patch.

Plugin Details

Severity: Critical

ID: 11420

File Name: rpc_xdrmem_bytes.nasl

Version: 1.29

Type: remote

Family: RPC

Published: 3/19/2003

Updated: 7/27/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: rpc/portmap, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/19/2003

Reference Information

CVE: CVE-2003-0028, CVE-2013-1950

BID: 7123, 59365

CERT-CC: CA-2003-10