Oval Definition: oval:org.mitre.oval:def:42
Revision Date: 2010-09-20
Version: 18
Title: Solaris 7 RPC xdr_array Buffer Overflow
Description: Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Family: unix
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2002-0391
Platform(s): Sun Solaris 7
Product(s): libnsl
Definition Synopsis
  • Software section
  • Solaris 7 Installed
  • AND rpc.cmsd or dmispd exist
  • File rpc.cmsd exists
  • OR File dmispd exists
  • AND Patches 106942-22 and 108451-06
  • Patch 106942-22 or later installed
  • AND Patch 108541-06 or later installed
  • AND Configuration section
  • rpc.cmsd enabled OR dmispd running
  • rpc.cmsd enabled
  • inetd.conf contains rpc.cmsd
  • AND inetd running
  • AND File rpc.cmsd executable
  • File rpc.cmsd executable
  • OR File rpc.cmsd executable
  • OR File rpc.cmsd executable
  • OR dmispd running