
rpc.pcnfsd Syslog Format String Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 25 May 2010

RISK: Medium Risk

A vulnerability has been identified in HP-UX, SGI IRIX, IBM AIX and VIOS that attackers could exploit
to cause a denial of service or compromise a vulnerable system. The issue is caused by an integer overflow
error in the "rpc.pcnfsd" daemon when it processes malformed RPC requests; remote unauthenticated
attackers could exploit it to crash an affected daemon or execute arbitrary code.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • HP-UX versions B.11.x
  • SGI IRIX version 6.5.30 and prior
  • IBM AIX version 5.3 and prior
  • IBM AIX version 6.1 and prior
  • IBM VIOS version 1.5 and prior
  • IBM VIOS version 2.1 and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

IBM AIX and VIOS
Apply fix:
http://aix.software.ibm.com/aix/efixes/security/pcnfsd_fix.tar

HP-UX and SGI IRIX
There is no patch available for this vulnerability currently.
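
Where no patch is available, it helps to know whether the daemon is registered with the portmapper at all. The script below is an added example, not part of the original advisory: it parses `rpcinfo -p` output for pcnfsd, assuming the daemon's conventional RPC program number 150001, and runs against constructed sample output.

```shell
#!/bin/sh
# Added example: report pcnfsd registrations found in `rpcinfo -p` output.
# Assumption: pcnfsd registers as RPC program 150001 (its conventional
# number); the service-name column can be blank or differ per platform,
# so both the number and the name are matched.

# find_pcnfsd: reads `rpcinfo -p` output on stdin, prints one
# "version proto port" line per pcnfsd registration, and returns 0
# when at least one is found, 1 otherwise.
find_pcnfsd() {
    awk '
        $1 == "program" { next }                 # skip the header row
        $1 == "150001" || $5 == "pcnfsd" {
            print $2, $3, $4
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    150001    1   udp   1034  pcnfsd
    150001    2   udp   1034  pcnfsd
    150001    1   tcp   1035  pcnfsd
    100005    1   udp   1048  mountd
EOF
}

# check_host: summarise the rpcinfo output on stdin; returns 0 if exposed.
check_host() {
    if hits=$(find_pcnfsd); then
        count=$(printf '%s\n' "$hits" | wc -l | tr -d ' ')
        echo "EXPOSED: pcnfsd registered ($count entries)"
        printf '%s\n' "$hits" | sed 's/^/  vers proto port: /'
        return 0
    fi
    echo "OK: pcnfsd not registered with the portmapper"
    return 1
}

# Live use on the host being audited:  rpcinfo -p | check_host
sample_rpcinfo | check_host
```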


Vulnerability Identifier


Source