BID:26071

Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability

Info

Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability

Bugtraq ID:	26071
Class:	Unknown
CVE:	CVE-2007-5462
Remote:	Yes
Local:	Yes
Published:	Oct 13 2007 12:00AM
Updated:	Oct 26 2007 08:16PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10.0_x86 Sun Solaris 10.0 Avaya Interactive Response 1.3 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1

Not Vulnerable:

Discussion

Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability

Sun Solaris is prone to a denial-of-service vulnerability that stems from an unspecified error in Solaris RPC Services Library 'librpcsvc(3LIB)'. Remote and local attackers may exploit this issue to deny service to legitimate users.

Sun Solaris 8, 9, and 10 for SPARC and x86 architectures are affected.

Exploit / POC

Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability

Solution:
Sun has released an advisory and fixes to address these issues. Please see the references for more information.

Sun Solaris 10.0

Sun 124444-01 (SPARC)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124444-01-1

Sun Solaris 8_x86

Sun 127549-01 (x86)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -127549-01-1

Sun Solaris 8_sparc

Sun 127548-01 (SPARC)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -127548-01-1

Sun Solaris 9

Sun 123396-01 (SPARC)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -123396-01-1

Sun Solaris 9_x86

Sun 123397-01 (x86)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -123397-01-1

Sun Solaris 10.0_x86

Sun 124445-01 (x86)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124445-01-1

References

Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability

References:

Sun Solaris Home Page (Sun Microsystems)
ASA-2007-437 Security Vulnerability in the Solaris RPC Services Library (librpcs (Avaya)
Sun Alert ID: 103082 Security Vulnerability in the Solaris RPC Services Library (Sun Microsystems)