| GEN:SID | 1:1911 |
| Message | RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a buffer overflow in the sadmind Remote Procedure Call (RPC) service. |
| Impact | Remote root access. This attack may permit execution of arbitrary commands with the privileges of root. |
| Detailed Information | The sadmind RPC service is used by Solaris Solstice AdminSuite applications to perform remote distributed system administration tasks such as adding new users. A buffer overflow associated with the NETMGT_PROC_SERVICE request of sadmind exists because of improper bounds checking. This may permit execution of arbitrary commands with the privileges of root. |
| Affected Systems | Sun Solaris 2.5, 2.5.1, 2.6, 7.0 |
| Attack Scenarios | Exploit code can be used to attack a vulnerable sadmind to obtain root access to the remote host. |
| Ease of Attack | Simple. Exploit scripts are freely available. |
| Corrective Action | Limit remote access to RPC services. Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines. Disable unneeded RPC services. |
| Additional References | Bugtraq: http://www.securityfocus.com/bid/866; CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0977 |
| Rule References | bugtraq: 866; cve: 1999-0977 |
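
Added example, not part of the original rule documentation and not the Snort rule itself: a triage filter that reads the ONC RPC call header of a UDP payload and reports whether it is a sadmind NETMGT_PROC_SERVICE request, separating out calls with an unusually large argument body. It assumes sadmind is RPC program 100232 and NETMGT_PROC_SERVICE is procedure 1 (neither number appears on this page); the 512-byte `ARG_LIMIT` and the sample datagrams are constructed for illustration, and the filter does not inspect the CLIENT_DOMAIN field individually.

```python
import struct

# Assumptions, not stated on the page: sadmind is ONC RPC program 100232 and
# NETMGT_PROC_SERVICE is procedure 1. ARG_LIMIT is an illustrative threshold.
SADMIND_PROG = 100232
NETMGT_PROC_SERVICE = 1
ARG_LIMIT = 512

def skip_opaque_auth(buf, off):
    """Skip one opaque_auth (flavor, length, 4-byte padded body)."""
    if off + 8 > len(buf):
        raise ValueError("truncated opaque_auth header")
    _flavor, length = struct.unpack_from(">II", buf, off)
    end = off + 8 + ((length + 3) & ~3)
    if length > 400 or end > len(buf):  # RFC 5531 caps the body at 400 bytes
        raise ValueError("bad opaque_auth length")
    return end

def classify(datagram):
    """Classify one UDP payload by its ONC RPC call header."""
    if len(datagram) < 24:
        return "not-rpc-call"
    _xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", datagram)
    if mtype != 0 or rpcvers != 2:          # 0 = CALL, RPC version 2
        return "not-rpc-call"
    if prog != SADMIND_PROG or proc != NETMGT_PROC_SERVICE:
        return "other-rpc"
    try:
        off = skip_opaque_auth(datagram, 24)    # credentials
        off = skip_opaque_auth(datagram, off)   # verifier
    except ValueError:
        return "malformed"
    arg_len = len(datagram) - off               # bytes of procedure arguments
    return "sadmind-call-large" if arg_len > ARG_LIMIT else "sadmind-call"

def sample_call(prog, proc, arg_len):
    """Constructed test datagram: AUTH_NONE cred/verf, zero-filled arguments."""
    header = struct.pack(">6I", 0x1234, 0, 2, prog, 10, proc)
    return header + struct.pack(">4I", 0, 0, 0, 0) + bytes(arg_len)

if __name__ == "__main__":
    for name, pkt in [("small", sample_call(SADMIND_PROG, 1, 64)),
                      ("large", sample_call(SADMIND_PROG, 1, 2048)),
                      ("portmap", sample_call(100000, 3, 16))]:
        print(name, classify(pkt))
```

On a network where sadmind should not be reachable from outside, any `sadmind-call` result from an external source is worth reviewing, not only the large ones.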