http://siliconvalley.internet.com/news/article/0,2198,3531_1038631,00.html

By Michael Singer
May 6, 2002

Less than a week after it warned of rwall daemon vulnerabilities, officials with the CERT Coordination Center said there are again serious holes that may affect some Sun Microsystems (NASDAQ:SUNW) servers.

The Internet watchdog late Monday said a heap overflow in the Cachefs Daemon (cachefsd) has been identified and that there are credible reports of scanning and exploitation of Sun Solaris 2.5.1, 2.6, 7, and 8 (including SPARC and Intel (NASDAQ:INTC) architectures) running cachefsd.

Cachefsd, which is installed by default with the above servers, caches requests for operations on remote file systems mounted via the NFS protocol. A remote attacker can send a crafted RPC request to the cachefsd program to exploit the vulnerability.

Sun said that, if left untreated, the vulnerability might leave a core dump file in the root directory.

"The presence of the core file does not preclude the success of subsequent attacks," a Sun Alert Notification reports. "Additionally, if the file exists, it may contain unusual entries."

If there is a problem, the networking giant suggests a reboot, or sending a HUP signal to inetd(1M) and killing existing cachefsd processes.

CERT/CC said logs of exploitation attempts might resemble the following:

* May 16 22:46:08 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
* May 16 22:46:21 victim-host last message repeated 7 times
* May 16 22:46:22 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Bus Error- core dumped
* May 16 22:46:24 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
* May 16 22:46:56 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Bus Error - core dumped
* May 16 22:46:59 victim-host last message repeated 1 time
* May 16 22:47:02 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
* May 16 22:47:07 victim-host last message repeated 3 times
* May 16 22:47:09 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Hangup
* May 16 22:47:11 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped

So far the vulnerability does not affect similarly classed servers from IBM (NYSE:IBM) or SGI (NASDAQ:SGI).

Palo Alto, Calif.-based Sun is asking its customers to check its Alert Notification Web site for the latest patch information.
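
A way to check a syslog file for the pattern CERT/CC describes, as an added example that is not part of the original article or of any CERT/CC or Sun tooling: it counts cachefsd crashes reported by inetd per host and expands syslog's "last message repeated N times" lines. The function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# The CERT/CC sample lines quoted in the article, reproduced as test input.
SAMPLE_LOG = """\
May 16 22:46:08 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
May 16 22:46:21 victim-host last message repeated 7 times
May 16 22:46:22 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Bus Error- core dumped
May 16 22:46:24 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
May 16 22:46:56 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Bus Error - core dumped
May 16 22:46:59 victim-host last message repeated 1 time
May 16 22:47:02 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
May 16 22:47:07 victim-host last message repeated 3 times
May 16 22:47:09 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Hangup
May 16 22:47:11 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
"""

TS = r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s"
# cachefsd crash reported by inetd; tolerates "Bus Error- core dumped".
CRASH = re.compile(TS + r"inetd\[\d+\]:\s\S*/cachefsd:\s*"
                   r"(?P<sig>Segmentation Fault|Bus Error)\s*-\s*core dumped")
REPEAT = re.compile(TS + r"last message repeated (?P<n>\d+) times?")
OTHER = re.compile(TS)

def count_cachefsd_crashes(text):
    """Count crashes per (host, signal), expanding 'repeated N times' lines."""
    counts, last = Counter(), {}   # last: host -> key of the preceding crash line
    for line in text.splitlines():
        crash, rep, other = CRASH.match(line), REPEAT.match(line), OTHER.match(line)
        if crash:
            key = (crash["host"], crash["sig"])
            counts[key] += 1
            last[key[0]] = key
        elif rep:
            if last.get(rep["host"]):
                counts[last[rep["host"]]] += int(rep["n"])
        elif other:
            last[other["host"]] = None   # an unrelated message ends the run
    return counts

def suspect_hosts(text, threshold=3):
    """Hosts whose total cachefsd crashes reach the threshold (assumed value)."""
    totals = Counter()
    for (host, _sig), n in count_cachefsd_crashes(text).items():
        totals[host] += n
    return {h: n for h, n in totals.items() if n >= threshold}

if __name__ == "__main__":
    print(count_cachefsd_crashes(SAMPLE_LOG))
    print(suspect_hosts(SAMPLE_LOG))
```

The "Hangup" entry is not counted as a crash; it only ends the run that a following "repeated" line would otherwise extend.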