Test ID:	1.3.6.1.4.1.25623.1.0.10951
Category:	Gain root remotely
Title:	cachefsd overflow
Summary:	NOSUMMARY
Description:	Description: The cachefsd RPC service is running on this port. Multiple vulnerabilities exist in this service. At least one heap overflow vulnerability can be exploited remotely to obtain root privileges by sending a long directory and cache name request to the service. A buffer overflow can result in root privileges from local users exploiting the fscache_setup function with a long mount argument. Solaris 2.5.1, 2.6, 7 and 8 are vulnerable to this issue. Sun patch 110896-02 is available for Solaris 8. Other operating systems might be affected as well. *** OpenVAS did not check for this vulnerability, *** so this might be a false positive Solution : Deactivate this service - there is no patch at this time for pre-8 systems /etc/init.d/cachefs.daemon stop AND: Edit /etc/inetd.conf and disable the 100235/rcp service: #100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefsd cachefsd Then kill -HUP the inetd process id. These activities may need to be repeated after every patch installation. Risk factor : High
Cross-Ref:	BugTraq ID: 4631 Common Vulnerability Exposure (CVE) ID: CVE-2002-0084 Bugtraq: 20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability (Google Search) http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html CERT/CC vulnerability note: VU#161931 http://www.kb.cert.org/vuls/id/161931 http://www.esecurityonline.com/advisories/eSO4198.asp https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97
Copyright	This script is Copyright (C) 2002 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.