Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Exploit of rpc.cmsd
From: appro () FY CHALMERS SE (Andy Polyakov)
Date: Sat, 10 Jul 1999 00:43:08 +0200


The calendar manager (rpc.cmsd) on Solaris 2.5 and 2.5.1 is vulnerable
to a buffer overflow
... we have seen the
intruder delete administrator
logs, change homepages, and insert backdoors.  The attack signature is
similar to the tooltalk attack.
Can you confirm that compromised system(s) were equipped with CDE? Or in
other words was it /usr/dt/bin/rpc.cmsd that was assigned to do the job
in /etc/inetd.conf?
Further, it appears that even patched versions may be
Could you be more specific here and tell exactly which patches are you
talking about?
Also, rpc.cmsd under
Solaris 2.6 could also be problematic.
I want to point out that there is a rather fresh 105566-07 for Solaris
2.6 which claims "4230754 Possible buffer overflows in rpc.cmsd" fixed.
There is rather old 103670-03 for Solaris 2.5[.1] which claims "1264389
rpc.cmsd security problem." fixed. Then there is 104976-03 claiming
"1265008: Solaris 2.x rpc.cmsd vulnerabity" fixed. Are these the ones
you refer to as "patched versions" and "could be problematic"?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]