Gain root remotely : cachefsd overflow

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.10951

Categoría: Gain root remotely

Título: cachefsd overflow

Resumen: NOSUMMARY

Descripción: Description:

The cachefsd RPC service is running on this port.

Multiple vulnerabilities exist in this service. At least
one heap overflow vulnerability can be exploited remotely
to obtain root privileges by sending a long directory and
cache name request to the service. A buffer overflow can
result in root privileges from local users exploiting the
fscache_setup function with a long mount argument.

Solaris 2.5.1, 2.6, 7 and 8 are vulnerable to this
issue. Sun patch 110896-02 is available for Solaris 8.
Other operating systems might be affected as well.

*** OpenVAS did not check for this vulnerability,
*** so this might be a false positive

Solution : Deactivate this service - there is no patch at this time
for pre-8 systems
/etc/init.d/cachefs.daemon stop
AND:
Edit /etc/inetd.conf and disable the 100235/rcp service:
#100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefsd cachefsd
Then kill -HUP the inetd process id.
These activities may need to be repeated after every
patch installation.

Risk factor : High

Referencia Cruzada: BugTraq ID: 4631
Common Vulnerability Exposure (CVE) ID: CVE-2002-0084
Bugtraq: 20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability (Google Search)
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html
CERT/CC vulnerability note: VU#161931
http://www.kb.cert.org/vuls/id/161931
http://www.esecurityonline.com/advisories/eSO4198.asp
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97

Copyright This script is Copyright (C) 2002 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.10951
Categoría:	Gain root remotely
Título:	cachefsd overflow
Resumen:	NOSUMMARY
Descripción:	Description: The cachefsd RPC service is running on this port. Multiple vulnerabilities exist in this service. At least one heap overflow vulnerability can be exploited remotely to obtain root privileges by sending a long directory and cache name request to the service. A buffer overflow can result in root privileges from local users exploiting the fscache_setup function with a long mount argument. Solaris 2.5.1, 2.6, 7 and 8 are vulnerable to this issue. Sun patch 110896-02 is available for Solaris 8. Other operating systems might be affected as well. * OpenVAS did not check for this vulnerability, * so this might be a false positive Solution : Deactivate this service - there is no patch at this time for pre-8 systems /etc/init.d/cachefs.daemon stop AND: Edit /etc/inetd.conf and disable the 100235/rcp service: #100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefsd cachefsd Then kill -HUP the inetd process id. These activities may need to be repeated after every patch installation. Risk factor : High
Referencia Cruzada:	BugTraq ID: 4631 Common Vulnerability Exposure (CVE) ID: CVE-2002-0084 Bugtraq: 20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability (Google Search) http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html CERT/CC vulnerability note: VU#161931 http://www.kb.cert.org/vuls/id/161931 http://www.esecurityonline.com/advisories/eSO4198.asp https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97
Copyright	This script is Copyright (C) 2002 Renaud Deraison