Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection against Sun Solaris rpc.ypupdated Command Injection Vulnerability

Subscribe

Check Point Reference: CPAI-2008-102
Date Published:
Severity:
Last Updated:
Source: CERT: CA-1995-17
Industry Reference(s): CVE-1999-0208
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Sun Microsystems Solaris 10 and prior
Vulnerability Description
A command injection vulnerability exists in Sun Solaris Network Information Service (NIS). Sun Solaris provides its NIS services through the SUN-RPC remote procedure call (RPC) mechanism. A remote attacker may exploit this issue to inject and execute arbitrary code on a vulnerable system via a specially crafted RPC request.
Vulnerability Details
The vulnerability is due to the Sun Solaris rpc.ypupdated service that fails to properly validate user input when processing RPC requests. A remote attacker can exploit this vulnerability by sending a crafted RPC message to a target host. Successful exploitation may allow the attacker to execute arbitrary code on the target system.

Protection Overview
By enabling this protection, IPS-1 will detect and block malformed RPC messages. No update is required to address this vulnerability.

Users are protected against this vulnerability if the protection against Bad RPC Programs has been applied.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > RPC, and select the Bad RPC programs protection group.
3. Click bad RPC program (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entry will be logged:

Alert Name: rpc_badnum
Description: badnum_bad_prog