Update Protection against Sun Solaris sadmind RPC Request Integer Overflow
| Check Point Reference: | CPAI-2009-093 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA32473 | |
| Industry Reference(s): | CVE-2008-3869 CVE-2008-3870 |
|
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Sun Microsystems Solaris 8 Sun Microsystems Solaris 9 | ||
| Vulnerability Description An integer overflow vulnerability was reported in the sadmind service within the Sun Solaris operating system. sadmind is a daemon used to control servers running Sun Solaris operating system. The vulnerability is triggered when parsing crafted RPC requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
||
|
Update/Patch Available The vendor, Sun Microsystems, has released an advisory addressing this vulnerability: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1 |
|
|
Vulnerability Details The vulnerability resides in the calculation of a buffer allocation size while parsing specially crafted RPC requests. This can be exploited to cause a heap-based buffer overflow via a specially crafted RPC request. |
Protection Overview
This protection will detect and block RPC requests to the sadmind program that contain certain invalid header values.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
Users of IPS-1 are already protected against the CVE-2009-3869 vulnerability if the protection for blocking malformed Sun Solaris sadmind RPC requests in the Protection section of CPAI-2009-091 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.