(HP Issues Fix for HP-UX) Sun Solaris libnsl __inet_taddr2uaddr() Error Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1020906 |
|
SecurityTracker URL: http://securitytracker.com/id/1020906
|
|
CVE Reference:
CVE-2007-0165, CVE-2008-4619
(Links to External Site)
|
Date: Sep 22 2008
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in libnsl on Sun Solaris. A remote user can cause denial of service conditions. HP-UX is affected.
A remote user can send specially crafted RPC requests to cause the target rpcbind(1M) service to crash.
The vulnerability resides in the '__inet_taddr2uaddr()' function.
Sun credits Anil Kumar of the BlueLane Research Team with reporting this vulnerability.
[Editor's note: Sun is now reporting that the CVE number for this vulnerability is CVE-2008-4619.]
|
Impact:
A remote user can cause the target rpcbind(1M) service to crash.
|
Solution:
HP has issued a fix for HP-UX, which is affected by this vulnerability.
HP-UX B.11.11
=============
NFS.NFS-64SLIB
NFS.NFS-SHLIBS
action: install PHNE_37110 or subsequent.
URL: http://itrc.hp.com
HP-UX B.11.23
=============
NFS.NFS-64SLIB
NFS.NFS-SHLIBS
action: install PHNE_36982 or subsequent.
URL: http://itrc.hp.com
The HP advisory is available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01556916
|
Cause:
State error
|
Underlying OS:
UNIX (HP/UX)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 22 Sep 2008 17:46:29 -0400
Subject: HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial of Service (DoS)
|
https://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01556916
CVE-2007-0165
|
|
