BID:21964

Sun Solaris RPC Request Denial of Service Vulnerability

Info

Sun Solaris RPC Request Denial of Service Vulnerability

Bugtraq ID:	21964
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-0165 CVE-2008-4619
Remote:	Yes
Local:	Yes
Published:	Jan 09 2007 12:00AM
Updated:	May 07 2015 05:07PM
Credit:	Anil Kumar of the BlueLane Research Team discovered this issue.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 8_x86 Sun Solaris 8_sparc Nortel Networks Self-Service Speech Server 0 Nortel Networks Self-Service Peri Workstation 0 Nortel Networks Self-Service Peri CTX 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Self-Service MPS 500 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service MPS 100 0 Nortel Networks Self-Service - CCSS7 0 libtirpc libtirpc 0.1.7 HP HP-UX B.11.23 HP HP-UX B.11.11 Avaya Proactive Contact 3.0

Not Vulnerable:

Discussion

Sun Solaris RPC Request Denial of Service Vulnerability

The Solaris operating system is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the 'rpcbind(1M)' server, denying service to legitimate users.

Exploit / POC

Sun Solaris RPC Request Denial of Service Vulnerability

An attacker can exploit this issue by using standard network utilities.

The following exploit code is available:

/data/vulnerabilities/exploits/21964.c

Solution / Fix

References

Sun Solaris RPC Request Denial of Service Vulnerability

References:

Bug 468014 CVE-2008-4619 libtirpc: rpcbind DoS in the taddr2uaddr XDR_DECODE (Tomas Hoger)
Solaris Homepage (Sun Microsystems)
2008009217 Nortel Response to Sun Alert 200412 - Solaris Vulnerability May Lead (Nortel Networks)
ASA-2008-395 HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial (Avaya)
Sun Alert ID 102713: A Security Vulnerability in Solaris libnsl(3LIB) may lead (Sun Microsystems)