GEN:SID 1:1963
Message RPC RQUOTA getquota overflow attempt UDP
Summary The RQUOTA daemon is an RPC server that returns quotas for users on the
local file systems.  

Some versions of solaris ship with a vulnerable version of snoop that
attempts to parse RQUOTA GETQUOTA requests.  Snoop contains a boundary
condition error that could result in a buffer overflow that will present
the attacker with super user access to the target host.
Impact Complete control of the target machine.
Detailed Information The sniffing program named snoop is installed on certain version of Sun
Solaris.

When run by the super-user, snoop will monitor network traffic on the
host's network segment.  When snoop attempts to decode RQUOTA GETQUOTA
requests, snoop does not properly handle user supplied data resulting in
a buffer overflow.
Affected Systems Sun Solaris 2.4, 2.5, 2.5.1, 2.6, 2.7 for SPARC and Intel architectures
Attack Scenarios The attacker must send specially crafted packets past a network segment
monitored by vulnerable versions of snoop
Ease of Attack Simple
Corrective Action Apply the appropriate patches for each affected system.

Use a different network monitoring tool other than snoop.

Disallow all RPC requests from external sources and use a firewall to
block access to RPC ports from outside the LAN.
Additional References Bugtraq:
http://www.securityfocus.com/bid/864

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0974
Rule References bugtraq: 864
cve: 1999-0974