安全研究

安全漏洞
Sun Solaris RPCbind未明远程拒绝服务攻击漏洞

发布日期:2003-04-28
更新日期:2003-05-08

受影响系统:
Sun Solaris RPCbind
    - Sun Solaris 9.0 x86
    - Sun Solaris 9.0 SPARC
    - Sun Solaris 8.0 x86
    - Sun Solaris 8.0
    - Sun Solaris 7.0 x86
    - Sun Solaris 7.0
    - Sun Solaris 2.6 x86
    - Sun Solaris 2.6
描述:
BUGTRAQ  ID: 7455
CVE(CAN) ID: CVE-2003-1070

Solaris是一款由Sun Microsystems公司开发和维护的商业性质UNIX操作系统。

Solaris rpcbind存在未明漏洞,本地或远程攻击者可以利用这个漏洞对服务进行拒绝服务攻击。

目前没有详细漏洞细节提供。

<*链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50922&zone_32=category:security
*>

建议:
厂商补丁:

Sun
---
Sun已经为此发布了一个安全公告(Sun-Alert-50922)以及相应补丁:
Sun-Alert-50922:rpcbind(1M) May be Terminated by Unprivileged Client Applications, Leading to Denial of RPC Services
链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50922&zone_32=category:security

补丁下载:

Sun Solaris 2.6 _x86:

Sun Patch 105402-42
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105402&rev=42
x86 Platform

Sun Solaris 2.6:

Sun Patch 105401-42
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105401&rev=42
SPARC Platform

Sun Solaris 7.0 _x86:

Sun Patch 106943-25
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106943&rev=25
x86 Platform

Sun Solaris 7.0:

Sun Patch 106942-25
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106942&rev=25
SPARC Platform

Sun Solaris 8.0 _x86:

Sun Patch 108828-40
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108828&rev=40
x86 Platform

Sun Patch 108994-18
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108994&rev=18
x86 Platform

Sun Solaris 8.0:

Sun Patch 108827-40
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108827&rev=40
SPARC Platform

Sun Patch 108993-18
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108993&rev=18
SPARC Platform

Sun Solaris 9.0 _x86:

Sun Patch 113719-07
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113719&rev=07
x86 Platform

Sun Solaris 9.0:

Sun Patch 113319-07
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113319&rev=07
SPARC Platform

浏览次数:3080
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障