ID CVE-2002-0573
Summary Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
    cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2010-09-20T04:00:22.248-04:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
    family unix
    id oval:org.mitre.oval:def:41
    status accepted
    submitted 2003-01-30T12:00:00.000-04:00
    title Solaris 7 RWall Daemon Syslog Format String Vulnerability
    version 33
  • accepted 2010-09-20T04:00:36.762-04:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
    family unix
    id oval:org.mitre.oval:def:79
    status accepted
    submitted 2003-01-30T12:00:00.000-04:00
    title Solaris 8 RWall Daemon Syslog Format String Vulnerability
    version 33
refmap via4
bid 4639
bugtraq 20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
cert CA-2002-10
cert-vn VU#638099
osvdb 778
vulnwatch 20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
xf solaris-rwall-format-string(8971)
Last major update 30-10-2018 - 16:26
Published 03-07-2002 - 04:00
Back to Top