CSSA-2002-SCO.12-rpc.cmsd can be remotely exploited

by Nikola Strahija on March 21st, 2002

The rpc.cmsd command would overflow a buffer under certain circumstances, allowing a remote user to gain privilege.

1.2 Detail

The exploit code provided by jGgM requests program 100068
version 4 on UDP (implemented by /usr/dt/bin/rpc.cmsd) and
then does a single RPC call to procedure 21 (rtable_create)
passing 2 strings, one of which creates a buffer overflow.

$BASE/server/rtable4.c:_DtCm_rtable_create_4_svc(args), where
args is of type Table_Op_Args_4, receives 2 client-supplied strings as
args->target and args->new_target. "new_target" is never used,
and "target" creates the overflow later on.

_DtCmGetPrefix will overflow its local variable "buf" if the
"sep" parameter that ends the prefix is not present.

A secondary problem may also occur because
_DtCm_rtable_create_4_svc does not make sure that the length
of args->target is .
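
As an added illustration (not code from the advisory or from CDE), the following shows the unbounded prefix-copy pattern the advisory describes, a bounds-checked replacement that fails closed when "sep" is missing, and a server-side length check of the kind the rtable_create handler lacks. The function names and the buffer size are assumptions, since the page gives neither.

```c
#include <stddef.h>
#include <string.h>

/* Constructed size for the local prefix buffer; the advisory names the
 * variable "buf" but not its size, so this value is an assumption. */
#define PREFIX_BUF_LEN 32

/* Unbounded pattern (hypothetical reconstruction, not CDE's _DtCmGetPrefix):
 * bytes before `sep` are copied into a fixed local buffer with no length
 * check. Rather than perform the copy, this helper returns how many bytes
 * such a loop would write, so the defect can be measured safely. When `sep`
 * is absent, that is the entire caller-controlled string. */
size_t unbounded_prefix_len(const char *str, char sep)
{
    const char *p = strchr(str, sep);
    return p ? (size_t)(p - str) : strlen(str);
}

/* Hardened version: returns -1 if `sep` is missing or the prefix does not
 * fit in `bufsz` including the terminator; otherwise the prefix length. */
int get_prefix_checked(const char *str, char sep, char *buf, size_t bufsz)
{
    const char *p = strchr(str, sep);
    if (p == NULL) return -1;                 /* no separator: reject */
    size_t n = (size_t)(p - str);
    if (n >= bufsz) return -1;                /* would not fit: reject */
    memcpy(buf, str, n);
    buf[n] = '\0';
    return (int)n;
}

/* Convenience wrapper using a local buffer of PREFIX_BUF_LEN bytes. */
int prefix_fits(const char *str, char sep)
{
    char buf[PREFIX_BUF_LEN];
    return get_prefix_checked(str, sep, buf, sizeof buf);
}

/* Server-side check for a client-supplied target: accepted only when it is
 * NUL-terminated within `maxlen` bytes and contains the separator. */
int target_ok(const char *target, size_t maxlen, char sep)
{
    size_t len = 0;
    int seen_sep = 0;
    while (len < maxlen && target[len] != '\0') {
        if (target[len] == sep) seen_sep = 1;
        len++;
    }
    if (len == maxlen) return 0;              /* too long or unterminated */
    return seen_sep;
}
```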
