Test ID:	1.3.6.1.4.1.25623.1.0.11405
Category:	RPC
Title:	dmisd service
Summary:	NOSUMMARY
Description:	Description: The dmisd RPC service is running. This service uses the function xdr_array() of the RPC library. It turns out that some older versions of the RPC library are vulnerable to an integer overflow in this function, which could allow an attacker to gain root privileges on this host. *** No security hole regarding this program has been tested, so *** this might be a false positive. Solution : We suggest that you disable this service. See also : http://www.cert.org/advisories/CA-2002-25.html Risk factor : High
Cross-Ref:	BugTraq ID: 5356 Common Vulnerability Exposure (CVE) ID: CVE-2002-0391 AIX APAR: IY34194 http://archives.neohapsis.com/archives/aix/2002-q4/0002.html http://www.securityfocus.com/bid/5356 Bugtraq: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC (Google Search) http://marc.info/?l=bugtraq&m=102813809232532&w=2 Bugtraq: 20020801 RPC analysis (Google Search) http://marc.info/?l=bugtraq&m=102821785316087&w=2 Bugtraq: 20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin (Google Search) http://marc.info/?l=bugtraq&m=102831443208382&w=2 Bugtraq: 20020802 kerberos rpc xdr_array (Google Search) http://online.securityfocus.com/archive/1/285740 Bugtraq: 20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html Bugtraq: 20020909 GLSA: glibc (Google Search) http://marc.info/?l=bugtraq&m=103158632831416&w=2 Caldera Security Advisory: CSSA-2002-055.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt http://www.cert.org/advisories/CA-2002-25.html CERT/CC vulnerability note: VU#192995 http://www.kb.cert.org/vuls/id/192995 Conectiva Linux advisory: CLA-2002:515 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515 Conectiva Linux advisory: CLA-2002:535 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535 Debian Security Information: DSA-142 (Google Search) http://www.debian.org/security/2002/dsa-142 Debian Security Information: DSA-143 (Google Search) http://www.debian.org/security/2002/dsa-143 Debian Security Information: DSA-146 (Google Search) http://www.debian.org/security/2002/dsa-146 Debian Security Information: DSA-149 (Google Search) http://www.debian.org/security/2002/dsa-149 Debian Security Information: DSA-333 (Google Search) http://www.debian.org/security/2003/dsa-333 En Garde Linux Advisory: ESA-20021003-021 http://www.linuxsecurity.com/advisories/other_advisory-2399.html FreeBSD Security Advisory: FreeBSD-SA-02:34.rpc http://marc.info/?l=bugtraq&m=102821928418261&w=2 HPdes Security Advisory: HPSBTL0208-061 http://online.securityfocus.com/advisories/4402 HPdes Security Advisory: HPSBUX0209-215 http://archives.neohapsis.com/archives/hp/2002-q3/0077.html ISS Security Advisory: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057 Microsoft Security Bulletin: MS02-057 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057 NETBSD Security Advisory: NetBSD-SA2002-011 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9 RedHat Security Advisories: RHSA-2002:166 http://rhn.redhat.com/errata/RHSA-2002-166.html http://www.redhat.com/support/errata/RHSA-2002-167.html RedHat Security Advisories: RHSA-2002:172 http://rhn.redhat.com/errata/RHSA-2002-172.html http://www.redhat.com/support/errata/RHSA-2002-173.html http://www.redhat.com/support/errata/RHSA-2003-168.html http://www.redhat.com/support/errata/RHSA-2003-212.html SGI Security Advisory: 20020801-01-A ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A SGI Security Advisory: 20020801-01-P ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P SuSE Security Announcement: SuSE-SA:2002:031 (Google Search) http://www.iss.net/security_center/static/9170.php
Copyright	This script is Copyright (C) 2003 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.