cachefsd vulnerability
Created 5/7/02
CVE 2002-0033
CAN 2002-0084
Impact
A vulnerability in cachefsd could allow a remote
attacker to execute arbitrary commands with root privileges.
Note: The red stoplight on this page indicates the
highest possible severity level for this vulnerability. The severity
level in this instance is indicated by the colored dot beside the
link to this tutorial on the previous page.
Background
cachefsd is a service which supports local
caching of Network File Systems (NFS), thereby improving
performance on filesystems mounted from an NFS server.
cachefsd runs by default on Solaris systems,
and is assigned a TCP port by the RPC portmapper.
The Problem
CVE 2002-0033
Due to a heap overflow condition, a remote attacker could
execute arbitrary code with root privileges by sending
a specially crafted RPC request to cachefsd.
Solaris 2.5.1 through Solaris 8 are affected by this vulnerability.
CAN 2002-0084
A separate vulnerability affecting Solaris 2.6 through 8
could allow a user who already has local access to gain
root privileges by overflowing a buffer in mounts.
Resolution
See SunSolve for patch information, and apply a patch when one becomes available.
If a patch is not available, disable cachefsd.
This can be done by placing a comment sign (#) before
the line which begins "100235" in
/etc/inetd.conf, and restarting the inetd
process.
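The workaround above as a shell sketch. This is an added example, not part of the original advisory or any vendor tooling. The function names and the sample inetd.conf contents are constructed for illustration, and the script works on a temporary copy rather than the live /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: disable cachefsd (RPC program 100235) in an inetd.conf-style file.
# Sample data below is constructed; point the functions at /etc/inetd.conf on a real host.

# Succeeds (exit 0) if an active, uncommented line begins with "100235".
cachefsd_enabled() {
    grep '^100235' "$1" >/dev/null 2>&1
}

# Comment out every active "100235" line. Keeps a backup of the original and is
# safe to run twice: an already-disabled file is left untouched.
disable_cachefsd() {
    conf=$1
    cachefsd_enabled "$conf" || return 0
    cp -p "$conf" "$conf.pre-cachefsd" || return 1
    # No "sed -i" here: it is not available in older sed implementations.
    sed 's/^100235/#&/' "$conf.pre-cachefsd" > "$conf.new" || return 1
    # Copy over the original (rather than mv) so its owner and mode are preserved.
    cp "$conf.new" "$conf" && rm -f "$conf.new"
}

# Write a constructed inetd.conf fragment to the path given in $1.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefs/cachefsd cachefsd
100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
EOF
}

demo_dir=${TMPDIR:-/tmp}/cachefsd-demo.$$
mkdir -p "$demo_dir"
make_sample "$demo_dir/inetd.conf"
cachefsd_enabled "$demo_dir/inetd.conf" && echo "cachefsd entry is active"
disable_cachefsd "$demo_dir/inetd.conf"
cachefsd_enabled "$demo_dir/inetd.conf" || echo "cachefsd entry is now commented out"
grep -n '100235' "$demo_dir/inetd.conf"
rm -rf "$demo_dir"
# On the real file, inetd must then re-read its configuration (it does so on SIGHUP).
```

After inetd has been restarted, `rpcinfo -p` should no longer list program 100235.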
Where can I read more about this?
For more information on this vulnerability, see
CERT Advisory 2002-11 and
eSecurity Online advisory 4198.
For more information on the second vulnerability, see
eSO Security Advisory 4198.