Bugtraq mailing list archives
Re: Exploit of rpc.cmsd
From: appro () FY CHALMERS SE (Andy Polyakov)
Date: Sat, 10 Jul 1999 00:43:08 +0200
Bob!
> The calendar manager (rpc.cmsd) on Solaris 2.5 and 2.5.1 is vulnerable to a buffer overflow attack... ... we have seen the intruder delete administrator logs, change homepages, and insert backdoors. The attack signature is similar to the tooltalk attack.
Can you confirm that compromised system(s) were equipped with CDE? Or in other words was it /usr/dt/bin/rpc.cmsd that was assigned to do the job in /etc/inetd.conf?
> Further, it appears that even patched versions may be vulnerable.
Could you be more specific here and tell exactly which patches you are talking about?
> Also, rpc.cmsd under Solaris 2.6 could also be problematic.
I want to point out that there is a rather fresh 105566-07 for Solaris 2.6 which claims "4230754 Possible buffer overflows in rpc.cmsd" fixed. There is rather old 103670-03 for Solaris 2.5[.1] which claims "1264389 rpc.cmsd security problem." fixed. Then there is 104976-03 claiming "1265008: Solaris 2.x rpc.cmsd vulnerabity" fixed. Are these the ones you refer to as "patched versions" and "could be problematic"?

Andy.
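The two checks the message asks about (which rpc.cmsd binary /etc/inetd.conf starts, and which revisions of the named patches are installed), as an added example that is not part of the original message. The function names are hypothetical and the sample inetd.conf and `showrev -p` lines are constructed; the comparison reports revisions only and does not establish that any revision fixes the overflow.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# cmsd_entries FILE: active inetd.conf lines whose server program (field 6)
# is rpc.cmsd, printed as "service server-path flavour".
# flavour is "cde" for /usr/dt/bin/rpc.cmsd, the binary the message asks about.
cmsd_entries() {
    awk '$1 !~ /^#/ && $6 ~ /\/rpc\.cmsd$/ {
        print $1, $6, ($6 == "/usr/dt/bin/rpc.cmsd" ? "cde" : "other")
    }' "$1"
}

# patch_status FILE ID-REV: find the highest installed revision of patch ID in
# saved `showrev -p` output and compare it with REV.
patch_status() {
    awk -v id="${2%-*}" -v want="${2#*-}" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == id) { seen = 1; if (p[2] + 0 >= have + 0) have = p[2] + 0 }
        }
        END {
            if (!seen) print id ": not installed"
            else if (have >= want + 0) print id ": rev " have " (at or above " want ")"
            else print id ": rev " have " (below " want ")"
        }' "$1"
}

# Constructed samples standing in for /etc/inetd.conf and `showrev -p` output.
SAMPLE_DIR=${TMPDIR:-/tmp}/cmsd-check.$$
mkdir -p "$SAMPLE_DIR"
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed sample; the first entry is commented out and must be ignored
#100068/2-5 dgram rpc/udp wait root /usr/openwin/bin/rpc.cmsd rpc.cmsd
100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
EOF
cat > "$SAMPLE_DIR/showrev.txt" <<'EOF'
Patch: 105566-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
EOF

cmsd_entries "$SAMPLE_DIR/inetd.conf"
for p in 105566-07 103670-03 104976-03; do   # revisions named in the message
    patch_status "$SAMPLE_DIR/showrev.txt" "$p"
done
```

On a real host, pass `/etc/inetd.conf` to `cmsd_entries` and a file produced by `showrev -p` to `patch_status`.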