Check Point Advisories

Preemptive Protection against Sun Solaris sadmind RPC Request Buffer Overflow

Check Point Reference: CPAI-2009-091
Date Published: 12 Jun 2009
Severity: Critical
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA32473
Industry Reference: CVE-2008-3869
Protection Provided by:
Who is Vulnerable? Sun Microsystems Solaris 8, Sun Microsystems Solaris 9
Vulnerability Description: A buffer overflow vulnerability was identified in the sadmind service of the Sun Solaris operating system. sadmind is a daemon used to control servers running the Sun Solaris operating system. The vulnerability is due to an input validation error that occurs when parsing specially crafted RPC requests. Remote attackers could exploit this vulnerability by sending a maliciously crafted request to the vulnerable system. Successful exploitation would allow arbitrary code injection and execution.
Update/Patch Available: Vendor's advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1
Vulnerability Details: The vulnerability is triggered in sadmind when decoding request parameters. This can be exploited to cause a heap-based buffer overflow via a specially crafted RPC request.

Protection Overview
