GEN:SID | 1:2184 |
Message | RPC mountd TCP mount path overflow at103 |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the xlog function of certain Linux NFS Utils packages.
Specifically this event is generated when TCP is used as the attack medium.
|
Impact | Denial of Service (DoS), possible arbitrary code execution.
|
Detailed Information | The mountd Remote Procedure Call (RPC) implements the NFS mount protocol. A vulnerability exists in some versions of the Linux NFS Utilities package prior to 1.0.4 that can lead to the possible execution of arbitrary code or a DoS against the affected server.
A programming error in the xlog function may be exploited by an attacker by sending RPC requests to mountd that do not contain any newline characters. This causes a buffer to overflow thus presenting the attacker with the opportunity to execute code.
|
Affected Systems | Systems using Linux NFS Utils prior to version 1.0.4.
|
Attack Scenarios | An attacker may send a specially crafted RPC request or mount command to the NFS server that does not contain any newline characters.
|
Ease of Attack | Moderate.
|
Corrective Action | Limit remote access to RPC services.
Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.
Disable unneeded RPC services.
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
|
Additional References | |
Rule References | Error: Unknown reference type: BACKDOOR subseven 22
arachnids: 485
url: www.hackfix.org/subseven/
|