Intrusion Prevention

RPC.Rwalld.Format.String

Description

This indicates a format string vulnerability in Sun Solaris rwall daemon (rpc.rwalld).
The rwall daemon is a utility in Sun Solaris that listens for remote wall requests on a network. There is a vulnerability in Solaris versions 2.6, 7, and 8 that allows remote attackers to execute arbitrary code on a target system by sending a specially-crafted string to rpc.rwalld.

Affected Products

Any unprotected Sun Solaris 2.6, 7 or 8 is vulnerable to the attack.

Impact

Attackers can execute arbitrary code on the system with root privileges.

Recommended Actions

Apply appropriate patches from Sun and/or upgrade the program to the latest non-vulnerable version from the following URL:
http://sunsolve.sun.com

CVE References

CVE-2002-0573

Other References

1 1