Skip to main content

rpc.pcnfsd Syslog Format String Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 25 May 2010 5456 Views

RISK: Medium Risk

A vulnerability has been identified in HP-UX, SGI IRIX, IBM AIX and VIOS which could be exploited by attackers
to cause a denial of service or compromise a vulnerable system. This issue is caused by an integer overflow
error in the "rpc.pcnfsd" daemon when processing malformed RPC requests, which could be exploited by remote
unauthenticated attackers to crash an affected daemon or execute arbitrary code.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • HP-UX versions B.11.x
  • SGI IRIX version 6.5.30 and prior
  • IBM AIX version 5.3 and prior
  • IBM AIX version 6.1 and prior
  • IBM VIOS version 1.5 and prior
  • IBM VIOS version 2.1 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

IBM AIX and VIOS
Apply fix :
http://aix.software.ibm.com/aix/efixes/security/pcnfsd_fix.tar

HP-UX and SGI IRIX
There is no patch available for this vulnerability currently.


Vulnerability Identifier


Source