Gain root remotely : cachefsd overflow

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.10951

Kategorie: Gain root remotely

Titel: cachefsd overflow

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The cachefsd RPC service is running on this port.

Multiple vulnerabilities exist in this service. At least
one heap overflow vulnerability can be exploited remotely
to obtain root privileges by sending a long directory and
cache name request to the service. A buffer overflow can
result in root privileges from local users exploiting the
fscache_setup function with a long mount argument.

Solaris 2.5.1, 2.6, 7 and 8 are vulnerable to this
issue. Sun patch 110896-02 is available for Solaris 8.
Other operating systems might be affected as well.

*** OpenVAS did not check for this vulnerability,
*** so this might be a false positive

Solution : Deactivate this service - there is no patch at this time
for pre-8 systems
/etc/init.d/cachefs.daemon stop
AND:
Edit /etc/inetd.conf and disable the 100235/rcp service:
#100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefsd cachefsd
Then kill -HUP the inetd process id.
These activities may need to be repeated after every
patch installation.

Risk factor : High

Querverweis: BugTraq ID: 4631
Common Vulnerability Exposure (CVE) ID: CVE-2002-0084
Bugtraq: 20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability (Google Search)
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html
CERT/CC vulnerability note: VU#161931
http://www.kb.cert.org/vuls/id/161931
http://www.esecurityonline.com/advisories/eSO4198.asp
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97

Copyright This script is Copyright (C) 2002 Renaud Deraison

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.10951
Kategorie:	Gain root remotely
Titel:	cachefsd overflow
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The cachefsd RPC service is running on this port. Multiple vulnerabilities exist in this service. At least one heap overflow vulnerability can be exploited remotely to obtain root privileges by sending a long directory and cache name request to the service. A buffer overflow can result in root privileges from local users exploiting the fscache_setup function with a long mount argument. Solaris 2.5.1, 2.6, 7 and 8 are vulnerable to this issue. Sun patch 110896-02 is available for Solaris 8. Other operating systems might be affected as well. * OpenVAS did not check for this vulnerability, * so this might be a false positive Solution : Deactivate this service - there is no patch at this time for pre-8 systems /etc/init.d/cachefs.daemon stop AND: Edit /etc/inetd.conf and disable the 100235/rcp service: #100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefsd cachefsd Then kill -HUP the inetd process id. These activities may need to be repeated after every patch installation. Risk factor : High
Querverweis:	BugTraq ID: 4631 Common Vulnerability Exposure (CVE) ID: CVE-2002-0084 Bugtraq: 20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability (Google Search) http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html CERT/CC vulnerability note: VU#161931 http://www.kb.cert.org/vuls/id/161931 http://www.esecurityonline.com/advisories/eSO4198.asp https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97
Copyright	This script is Copyright (C) 2002 Renaud Deraison