Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4710928
Date of Resolved Release28-APR-2003
Impact
rpcbind(1M) may be terminated by a local or remote unprivileged user. This would cause a denial of service to RPC applications hosted on the affected system.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
-
Solaris 2.6 without patch 105401-42
-
Solaris 7 without patch 106942-25
-
Solaris 8 without patch 108827-40 and without patch 108993-18
-
Solaris 9 without patch 113319-07
x86 Platform
-
Solaris 2.6 without patch 105402-42
-
Solaris 7 without patch 106943-25
-
Solaris 8 without patch 108828-40 and without patch 108994-18
-
Solaris 9 without patch 113719-07
Solaris 2.5.1 will not be evaluated regarding the potential impact of the issue described in this Sun Alert document.
Note: Patch 108827-40 has been obsoleted by patch 108993-18. Patch 108828-40 has been obsoleted by patch 108994-18.
Symptoms
The "rpcbind" process is no longer running.
When executed, the rpcinfo(1M) command will display an error message as in the following example:
$ rpcinfo
rpcinfo: can't contact rpcbind: RPC: Rpcbind failure - RPC: Failed (unspecified error)
Workaround
As a precaution, consider refusing access to rpcbind(1M) from untrusted networks. This can be achieved by blocking connections from untrusted networks to ports used by rpcbind(1M) (typically ports 111/UDP and 111/TCP; use "rpcinfo | grep rpcbind" to determine UDP/TCP ports in use by rpcbind(1M))
To facilitate restarting rpcbind(1M), consider generating a list of currently registered RPC services. This can be done by once terminating the "rpcbind" process with a "TERM" signal after all hosted RPC services have been started and restarting it with the "-w " option:
# pkill -TERM rpcbind
# /usr/sbin/rpcbind -w
As a result, the "rpcbind" process will write a list of all currently registered RPC services to the "/tmp/rpcbind.file" and /"tmp/portmap.file" files.
Should the "rpcbind" process exit unexpectedly later it can be restarted with the "-w" option to re-register RPC services available at the time the "pkill -TERM rpcbind" was issued:
# /usr/sbin/rpcbind -w
This will eliminate the need to restart hosted RPC services after restarting rpcbind(1M).
Resolution
This issue is addressed in the following releases:
SPARC Platform
-
Solaris 2.6 with patch 105401-42 or later
-
Solaris 7 with patch 106942-25 or later
-
Solaris 8 with patch 108827-40 (patch 108827-40 has been obsoleted by patch 108993-18)
-
Solaris 8 with patch 108993-18 or later
-
Solaris 9 with patch 113319-07 or later
x86 Platform
-
Solaris 2.6 with patch 105402-42 or later
-
Solaris 7 with patch 106943-25 or later
-
Solaris 8 with patch 108828-40 (patch 108828-40 has been obsoleted by patch 108994-18)
-
Solaris 8 with patch 108994-18 or later
-
Solaris 9 with patch 113719-02 or later
Modification History
References
105401-42
105402-42
106942-25
106943-25
108827-40
108828-40
108993-18
108994-18
113319-07
113719-02
AttachmentsThis solution has no attachment