Vulnerability Name:

CVE-2007-5462 (CCN-37194)

Assigned:2007-10-13
Published:2007-10-13
Updated:2017-07-29
Summary:Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2007-5462

Source: OSVDB
Type: UNKNOWN
40814

Source: CCN
Type: SA27183
Sun Solaris RPC Services Library Denial of Service

Source: SECUNIA
Type: UNKNOWN
27183

Source: CCN
Type: SA27386
Avaya CMS / IR Sun Solaris RPC Services Library Denial of Service

Source: SECUNIA
Type: UNKNOWN
27386

Source: CCN
Type: SECTRACK ID: 1018818
Solaris librpcsvc RPC Bug Lets Remote and Local Users Deny Service

Source: CCN
Type: Sun Alert ID: 103082
Security Vulnerability in the Solaris RPC Services Library (librpcsvc(3LIB)) may Lead to a Denial of Service (DoS) Against Networked File Systems

Source: SUNALERT
Type: UNKNOWN
103082

Source: SUNALERT
Type: UNKNOWN
200590

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-437.htm

Source: CCN
Type: ASA-2007-437
Security Vulnerability in the Solaris RPC Services Library (librpcsvc(3LIB)) may Lead to a Denial of Service (DoS) Against Networked File Systems (Sun 103082)

Source: CCN
Type: OSVDB ID: 40814
Solaris RPC Services Library (librpcsvc(3LIB)) Unspecified Packet Handling Remote DoS

Source: BID
Type: UNKNOWN
26071

Source: CCN
Type: BID-26071
Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018818

Source: VUPEN
Type: UNKNOWN
ADV-2007-3490

Source: XF
Type: UNKNOWN
solaris-rpc-services-dos(37194)

Source: XF
Type: UNKNOWN
solaris-mountd-dos(37195)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:8.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10.0:*:x86:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-5462 (CCN-37195)

    Assigned:2007-10-13
    Published:2007-10-13
    Updated:2007-10-13
    Summary:Sun Solaris is vulnerable to a denial of service, caused by an error in the RPC Services Library (librpcsvc). If the mountd service is used on an NFS server with an overly large number of exported file systems or with long access lists, a remote attacker could exploit this vulnerability to crash the mountd daemon.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availability (A): Low
    CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
    5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availability (A): Complete
    4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
    3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2007-5462

    Source: CCN
    Type: SA27183
    Sun Solaris RPC Services Library Denial of Service

    Source: CCN
    Type: SA27386
    Avaya CMS / IR Sun Solaris RPC Services Library Denial of Service

    Source: CCN
    Type: SECTRACK ID: 1018818
    Solaris librpcsvc RPC Bug Lets Remote and Local Users Deny Service

    Source: CCN
    Type: Sun Alert ID: 103082
    Security Vulnerability in the Solaris RPC Services Library (librpcsvc(3LIB)) may Lead to a Denial of Service (DoS) Against Networked File Systems

    Source: CCN
    Type: ASA-2007-437
    Security Vulnerability in the Solaris RPC Services Library (librpcsvc(3LIB)) may Lead to a Denial of Service (DoS) Against Networked File Systems (Sun 103082)

    Source: CCN
    Type: OSVDB ID: 40814
    Solaris RPC Services Library (librpcsvc(3LIB)) Unspecified Packet Handling Remote DoS

    Source: CCN
    Type: BID-26071
    Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability

    Source: XF
    Type: UNKNOWN
    solaris-mountd-dos(37195)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:sun:solaris:8:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*
  • AND
  • cpe:/a:avaya:interactive_response:1.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable