Note: This is an archival copy of Security Sun Alert 200175 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000129.1.

Category: Security
Release Phase: Resolved
Solaris 2.5.1
Bug Id: 4124715
Date of Resolved Release: 27-FEB-2003

Impact

A local or remote unprivileged user may be able to cause a denial of service against RPC-based services and applications. All RPC services using connection-oriented transports such as TCP are vulnerable. On Solaris, ypxfrd(1M), nfsd(1M) and ypserv(1M) are known to be affected.

This issue is described in the recent CERT Vulnerability Note VU#266817 (see http://www.kb.cert.org/vuls/id/266817).

Note: These patches have been available for approximately two years. This is because Sun addressed the issue prior to the publication of the CERT vulnerability.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform
103686-03 103995-02 104166-05 104220-04 104331-08 105133-02 108928-01 103640-33 105165-03
105216-04 105552-03 105615-08 108307-02 108346-03 108890-01 108893-01 108895-01 105401-28 105403-03 (obsoleted by 108890-02) 106592-03
108748-01 108750-01 108752-01 (obsoleted by 106541-14) 106942-09 107477-03 108551-03 108754-01 108756-01 108758-01 108760-01 108762-01 108764-01

x86 Platform
103687-03 103996-02 104167-05 104221-04 104332-08 105134-02 108929-01 103641-33 105166-03
105217-04 105553-03 105616-08 108308-02 108891-01 108894-01 108896-01 105402-27 105404-03 (obsoleted by 108891-02) 106593-03
108749-01 108751-01 108753-01 (obsoleted by 106542-15) 106943-09 107478-03 108552-03 108755-01 108757-01 108759-01 108761-01 108763-01 108765-01

Note: Solaris 8 and 9 are not affected by this issue.

Symptoms

Affected RPC services will stop servicing any requests. Any RPC service can be pinged with rpcinfo(1M) to check whether it is responding. To check whether a particular RPC service registered on TCP is responding, invoke rpcinfo(1M) as follows:

    $ /usr/bin/rpcinfo -T tcp <hostname> <prognum>

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform
103686-03 or later 103995-02 or later 104166-05 or later 104220-04 or later 104331-08 or later 105133-02 or later 108928-01 or later 103640-33 or later 105165-03 or later
105216-04 or later 105552-03 or later 105615-08 or later 108307-02 or later 108346-03 or later 108890-01 or later 108893-01 or later 108895-01 or later 105401-28 or later 105403-03 or later 106592-03 or later
108748-01 or later 108750-01 or later 106541-14 or later 106942-09 or later 107477-03 or later 108551-03 or later 108754-01 or later 108756-01 or later 108758-01 or later 108760-01 or later 108762-01 or later 108764-01 or later

x86 Platform
103687-03 or later 103996-02 or later 104167-05 or later 104221-04 or later 104332-08 or later 105134-02 or later 108929-01 or later 103641-33 or later 105166-03 or later
105217-04 or later 105553-03 or later 105616-08 or later 108308-02 or later 108891-01 or later 108894-01 or later 108896-01 or later 105402-27 or later 105404-03 or later 106593-03 or later
108749-01 or later 108751-01 or later 106542-15 or later 106943-09 or later 107478-03 or later 108552-03 or later 108755-01 or later 108757-01 or later 108759-01 or later 108761-01 or later 108763-01 or later 108765-01 or later

Modification History

Date: 28-FEB-2003

Attachments

This solution has no attachment
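
The "or later" rule in the Resolution section can be checked mechanically against a host's installed patches. The shell function below is an added example, not part of the Sun Alert; it assumes a POSIX awk and the usual `showrev -p` line format ("Patch: NNNNNN-RR Obsoletes: ..."), and the names FIXED_PATCHES, SAMPLE and check_patches are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): apply the "NNNNNN-RR or later" rule
# to `showrev -p` output read on stdin.

# Minimum fixed revisions: a few SPARC IDs copied from the Resolution list.
# Extend with the IDs for your platform.
FIXED_PATCHES="103686-03 103995-02 104166-05 105401-28"

# Prints OK / OUTDATED / ABSENT per required patch; returns 1 on any OUTDATED.
# ABSENT means the base ID is not installed, so the patch may simply not
# apply to this release or package set and needs a manual check.
check_patches() {
    awk -v want="$FIXED_PATCHES" '
        $1 == "Patch:" {                      # assumed: "Patch: 105401-20 Obsoletes: ..."
            split($2, p, "-")
            if (!(p[1] in have) || p[2] + 0 > have[p[1]])
                have[p[1]] = p[2] + 0         # keep highest installed revision
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                split(w[i], q, "-")
                if (!(q[1] in have))
                    printf "ABSENT   %s\n", w[i]
                else if (have[q[1]] >= q[2] + 0)
                    printf "OK       %s (installed -%02d)\n", w[i], have[q[1]]
                else {
                    printf "OUTDATED %s (installed -%02d)\n", w[i], have[q[1]]
                    bad = 1
                }
            }
            exit bad + 0
        }'
}

# Constructed sample of `showrev -p` output (package names are placeholders).
SAMPLE='Patch: 103686-02 Obsoletes:  Requires:  Incompatibles:  Packages: PKGa
Patch: 103995-02 Obsoletes:  Requires:  Incompatibles:  Packages: PKGb
Patch: 104166-04 Obsoletes:  Requires:  Incompatibles:  Packages: PKGc
Patch: 104166-07 Obsoletes:  Requires:  Incompatibles:  Packages: PKGc'

# On a live host: showrev -p | check_patches
printf '%s\n' "$SAMPLE" | check_patches || echo "at least one patch is below the fixed revision"
```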