ID CVE-2002-1265
Summary The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
References
Vulnerable Configurations
  • GNU glibc 2.0
    cpe:2.3:a:gnu:glibc:2.0
  • GNU glibc 2.0.1
    cpe:2.3:a:gnu:glibc:2.0.1
  • GNU glibc 2.0.2
    cpe:2.3:a:gnu:glibc:2.0.2
  • GNU glibc 2.0.3
    cpe:2.3:a:gnu:glibc:2.0.3
  • GNU glibc 2.0.4
    cpe:2.3:a:gnu:glibc:2.0.4
  • GNU glibc 2.0.5
    cpe:2.3:a:gnu:glibc:2.0.5
  • GNU glibc 2.0.6
    cpe:2.3:a:gnu:glibc:2.0.6
  • GNU glibc 2.1
    cpe:2.3:a:gnu:glibc:2.1
  • GNU glibc 2.1.1
    cpe:2.3:a:gnu:glibc:2.1.1
  • GNU glibc 2.1.1.6
    cpe:2.3:a:gnu:glibc:2.1.1.6
  • GNU glibc 2.1.2
    cpe:2.3:a:gnu:glibc:2.1.2
  • GNU glibc 2.1.3
    cpe:2.3:a:gnu:glibc:2.1.3
  • GNU glibc 2.1.3.10
    cpe:2.3:a:gnu:glibc:2.1.3.10
  • GNU glibc 2.2
    cpe:2.3:a:gnu:glibc:2.2
  • GNU glibc 2.2.1
    cpe:2.3:a:gnu:glibc:2.2.1
  • GNU glibc 2.2.2
    cpe:2.3:a:gnu:glibc:2.2.2
  • GNU glibc 2.2.3
    cpe:2.3:a:gnu:glibc:2.2.3
  • GNU glibc 2.2.4
    cpe:2.3:a:gnu:glibc:2.2.4
  • GNU glibc 2.2.5
    cpe:2.3:a:gnu:glibc:2.2.5
  • GNU glibc 2.3
    cpe:2.3:a:gnu:glibc:2.3
  • cpe:2.3:o:sgi:irix:2.3.1
    cpe:2.3:o:sgi:irix:2.3.1
  • SGI IRIX 6.5
    cpe:2.3:o:sgi:irix:6.5
  • SGI IRIX 6.5.1
    cpe:2.3:o:sgi:irix:6.5.1
  • SGI IRIX 6.5.2
    cpe:2.3:o:sgi:irix:6.5.2
  • SGI IRIX 6.5.3
    cpe:2.3:o:sgi:irix:6.5.3
  • SGI IRIX 6.5.4
    cpe:2.3:o:sgi:irix:6.5.4
  • SGI IRIX 6.5.5
    cpe:2.3:o:sgi:irix:6.5.5
  • SGI IRIX 6.5.6
    cpe:2.3:o:sgi:irix:6.5.6
  • SGI IRIX 6.5.7
    cpe:2.3:o:sgi:irix:6.5.7
  • SGI IRIX 6.5.8
    cpe:2.3:o:sgi:irix:6.5.8
  • SGI IRIX 6.5.9
    cpe:2.3:o:sgi:irix:6.5.9
  • SGI IRIX 6.5.10
    cpe:2.3:o:sgi:irix:6.5.10
  • SGI IRIX 6.5.11
    cpe:2.3:o:sgi:irix:6.5.11
  • SGI IRIX 6.5.12
    cpe:2.3:o:sgi:irix:6.5.12
  • SGI IRIX 6.5.13
    cpe:2.3:o:sgi:irix:6.5.13
  • SGI IRIX 6.5.14f
    cpe:2.3:o:sgi:irix:6.5.14f
  • SGI IRIX 6.5.14m
    cpe:2.3:o:sgi:irix:6.5.14m
  • SGI IRIX 6.5.15f
    cpe:2.3:o:sgi:irix:6.5.15f
  • SGI IRIX 6.5.15m
    cpe:2.3:o:sgi:irix:6.5.15m
  • SGI IRIX 6.5.16f
    cpe:2.3:o:sgi:irix:6.5.16f
  • SGI IRIX 6.5.16m
    cpe:2.3:o:sgi:irix:6.5.16m
  • SGI IRIX 6.5.17f
    cpe:2.3:o:sgi:irix:6.5.17f
  • SGI IRIX 6.5.17m
    cpe:2.3:o:sgi:irix:6.5.17m
  • Apple Mac OS X 10.0
    cpe:2.3:o:apple:mac_os_x:10.0
  • Apple Mac OS X 10.0.1
    cpe:2.3:o:apple:mac_os_x:10.0.1
  • Apple Mac OS X 10.0.2
    cpe:2.3:o:apple:mac_os_x:10.0.2
  • Apple Mac OS X 10.0.3
    cpe:2.3:o:apple:mac_os_x:10.0.3
  • Apple Mac OS X 10.0.4
    cpe:2.3:o:apple:mac_os_x:10.0.4
  • Apple Mac OS X 10.1
    cpe:2.3:o:apple:mac_os_x:10.1
  • Apple Mac OS X 10.1.1
    cpe:2.3:o:apple:mac_os_x:10.1.1
  • Apple Mac OS X 10.1.2
    cpe:2.3:o:apple:mac_os_x:10.1.2
  • Apple Mac OS X 10.1.3
    cpe:2.3:o:apple:mac_os_x:10.1.3
  • Apple Mac OS X 10.1.4
    cpe:2.3:o:apple:mac_os_x:10.1.4
  • Apple Mac OS X 10.1.5
    cpe:2.3:o:apple:mac_os_x:10.1.5
  • Apple Mac OS X 10.2
    cpe:2.3:o:apple:mac_os_x:10.2
  • Apple Mac OS X 10.2.1
    cpe:2.3:o:apple:mac_os_x:10.2.1
  • Apple Mac OS X Server 10.0
    cpe:2.3:o:apple:mac_os_x_server:10.0
  • Apple Mac OS X Server 10.2
    cpe:2.3:o:apple:mac_os_x_server:10.2
  • Apple Mac OS X Server 10.2.1
    cpe:2.3:o:apple:mac_os_x_server:10.2.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_30091.NASL
    description s700_800 11.23 NIS/NIS+ cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 56836
    published 2012-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56836
    title HP-UX PHNE_30091 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_30808.NASL
    description s700_800 11.04 (VVOS) ONC/NFS General Release/Perf Patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 16607
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16607
    title HP-UX PHNE_30808 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_30094.NASL
    description s700_800 11.23 NFS cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 56839
    published 2012-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56839
    title HP-UX PHNE_30094 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHKL_31500.NASL
    description s700_800 11.23 Sept04 base patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS). (HPSBUX01020 SSRT2384) - A potential vulnerability has been identified in HP-UX running the Veritas File System (VxFS) that may allow a local authorized user access to unauthorized data. - A potential security vulnerability has been identified with HP-UX running TCP/IP. The potential vulnerability could be exploited remotely to cause a Denial of Service (DoS). (HPSBUX02087 SSRT4728) - A potential security vulnerability has been found in HP-UX running rpc.ypupdated. The vulnerability could be exploited to allow remote unauthorized access. (HPSBUX01002 SSRT4688)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 17400
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17400
    title HP-UX PHKL_31500 : s700_800 11.23 Sept04 base patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_30092.NASL
    description s700_800 11.23 RPC commands and daemons cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 56837
    published 2012-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56837
    title HP-UX PHNE_30092 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29211.NASL
    description s700_800 11.11 ONC/NFS General Release/Performance Patch : The remote HP-UX host is affected by multiple vulnerabilities : - The error messages returned by rpc.mountd can be used to determine whether a file exists. (HPSBUX00272 SSRT3596) - A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS). (HPSBUX01020 SSRT2384)
    last seen 2019-02-21
    modified 2013-06-27
    plugin id 16928
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16928
    title HP-UX PHNE_29211 : s700_800 11.11 ONC/NFS General Release/Performance Patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29449.NASL
    description s700_800 11.22 ONC/NFS General Release/Performance Patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS). (HPSBUX01020 SSRT2384) - Potential buffer overflow in XDR library. (HPSBUX00215 SSRT2336) - Potential buffer overflow in xdrmem_getbytes() and related functions. (HPSBUX00252 SSRT2439) - The error messages returned by rpc.mountd can be used to determine whether a file exists. (HPSBUX00272 SSRT3596)
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 16911
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16911
    title HP-UX PHNE_29449 : s700_800 11.22 ONC/NFS General Release/Performance Patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29210.NASL
    description s700_800 11.00 ONC/NFS General Release/Performance Patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS). (HPSBUX01020 SSRT2384) - The error messages returned by rpc.mountd can be used to determine whether a file exists. (HPSBUX00272 SSRT3596)
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 16929
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16929
    title HP-UX PHNE_29210 : s700_800 11.00 ONC/NFS General Release/Performance Patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_30090.NASL
    description s700_800 11.23 libnsl cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 16725
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16725
    title HP-UX PHNE_30090 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_30093.NASL
    description s700_800 11.23 Lock Manager cumulative patch : A potential security vulnerability has been identified with HP-UX running RPC services, where the vulnerability may be exploited by an unauthorized remote user to create a denial of service (DoS).
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 56838
    published 2012-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56838
    title HP-UX PHNE_30093 : HP-UX Running RPC, Remote Denial of Service (DoS) (HPSBUX01020 SSRT2384 rev.2)
oval via4
accepted 2005-06-01T03:30:00.000-04:00
class vulnerability
contributors
name Brian Soby
organization The MITRE Corporation
description The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
family unix
id oval:org.mitre.oval:def:2248
status accepted
submitted 2005-04-13T12:00:00.000-04:00
title Sun RPC No Timeout Denial of Service on TCP Ports
version 31
refmap via4
bid 6103
cert-vn VU#266817
confirm http://www.info.apple.com/usen/security/security_updates.html
hp HPSBUX01020
sgi 20021103-01-P
sunalert 51082
xf sun-rpc-libc-dos(10539)
Last major update 05-09-2008 - 16:30
Published 12-11-2002 - 00:00
Last modified 09-10-2017 - 21:30
Back to Top