{"vuid":"VU#944241","idnumber":"944241","name":"rpc.walld fails to properly validate messages before broadcasting to clients","keywords":["Sun","Solaris","rpc.walld","validate message","broadcast"],"overview":"A vulnerability in rpc.walld may allow local users to forge wall messages. An exploit exists for this vulnerability and is publically available.","clean_desc":"From the rpc.walld man page: The wall command reads the named file, or, if no filename appears, it reads the standard input until an end-of-file. It then sends this message to all currently logged-in users preceded by: Broadcast Message from source . The command is used to warn all users, typically before shutting down the system. A vulnerability in rpc.walld may allow local attackers to forge wall messages, which may enable them to trick victims into divulging sensitive information such as user credentials. For more detailed information, please see the following documents. Brant Roman's advisory\nSun Alert 51980","impact":"This vulnerability may allow local attackers to forge wall messages, which may enable them to trick victims into divulging sensitive information such as user credentials.","resolution":"Apply a patch from your vendor.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Brant Roman.","author":"This document was written by Ian A Finlay.","public":["http://216.239.41.100/search?q=cache:sBAB0CcR-g8C:ou800doc.caldera.com/cgi-bin/man/man%3Fwall%2B1M+wall(1M)+&hl=en&ie=UTF-8","http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F51980&zone_32=category%3Asecurity","http://www.mail-archive.com/bugtraq@securityfocus.com/msg10353.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-01-03T17:36:41Z","publicdate":"2003-01-03T00:00:00Z","datefirstpublished":"2003-04-30T13:15:43Z","dateupdated":"2003-10-21T21:28:04Z","revision":8,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"2","cam_easeofexploitation":"20","cam_attackeraccessrequired":"10","cam_scorecurrent":"2.8125","cam_scorecurrentwidelyknown":"2.8125","cam_scorecurrentwidelyknownexploited":"5.0625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.8125,"vulnote":null}