Oval Definition:oval:org.mitre.oval:def:9
Revision Date:2010-09-20Version:18
Title:Solaris 8 RPC xdr_array Buffer Overflow
Description:Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2002-0391
Platform(s):Sun Solaris 8
Product(s):libnsl
Definition Synopsis
  • Software section
  • Solaris 8 Installed
  • AND rpc.cmsd or dmispd exist
  • File rpc.cmsd exists
  • OR File dmispd exists
  • AND Patches 108827-30 and 108901-06
  • Patch 108827-30 or later installed
  • AND Patch 108901-06 or later installed
  • AND Configuration section
  • rpc.cmsd enabled OR dmispd running
  • rpc.cmsd enabled
  • inetd.conf contains rpc.cmsd
  • AND inetd running
  • AND File rpc.cmsd executable
  • File rpc.cmsd executable
  • OR File rpc.cmsd executable
  • OR File rpc.cmsd executable
  • OR dmispd running
    • BACK