T-002: Vulnerability in Host INtegration Server RPC Service
A remote code execution vulnerability exists in the SNA Remote Procedure Call (RPC) service for Host Integration Server. An attacker could exploit the vulnerability by constructing a specially crafted RPC request. The risk is HIGH. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Hello!
I have a Linux nfs server (called server100 below) with a export nfs. My problem is that the Solaris client (called client100 below) doesn't seems to like it. In the Solaris syslog I got following messages (and after a while the solaris client behave liked its hanged/to buzy). Also see... (3 Replies)
JSON::RPC::Server::Daemon(3pm) User Contributed Perl Documentation JSON::RPC::Server::Daemon(3pm)NAME
JSON::RPC::Server::Daemon - JSON-RPC sever for daemon
SYNOPSIS
# Daemon version
#--------------------------
# In your daemon server script
use JSON::RPC::Server::Daemon;
JSON::RPC::Server::Daemon->new(LocalPort => 8080);
->dispatch({'/jsonrpc/API' => 'MyApp'})
->handle();
#--------------------------
# In your application class
package MyApp;
use base qw(JSON::RPC::Procedure); # Perl 5.6 or more than
sub echo : Public { # new version style. called by clients
# first argument is JSON::RPC::Server object.
return $_[1];
}
sub sum : Public(a:num, b:num) { # sets value into object member a, b.
my ($s, $obj) = @_;
# return a scalar value or a hashref or an arryaref.
return $obj->{a} + $obj->{b};
}
sub a_private_method : Private {
# ... can't be called by client
}
sub sum_old_style { # old version style. taken as Public
my ($s, @arg) = @_;
return $arg[0] + $arg[1];
}
DESCRIPTION
This module is for http daemon servers using HTTP::Daemon or HTTP::Daemon::SSL.
METHODS
They are inherited from the JSON::RPC::Server methods basically. The below methods are implemented in JSON::RPC::Server::Daemon.
new Creates new JSON::RPC::Server::Daemon object. Arguments are passed to HTTP::Daemon or HTTP::Daemon::SSL.
handle
Runs server object and returns a response.
retrieve_json_from_post
retrieves a JSON request from the body in POST method.
retrieve_json_from_get
In the protocol v1.1, 'GET' request method is also allowable. it retrieves a JSON request from the query string in GET method.
response
returns a response JSON data to a client.
SEE ALSO
HTTP::Daemon,
HTTP::Daemon::SSL,
JSON::RPC::Server,
JSON::RPC::Procedure,
JSON,
<http://json-rpc.org/wd/JSON-RPC-1-1-WD-20060807.html>,
<http://json-rpc.org/wiki/specification>,
AUTHOR
Makamaka Hannyaharamitu, <makamaka[at]cpan.org>
COPYRIGHT AND LICENSE
Copyright 2007-2008 by Makamaka Hannyaharamitu
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
perl v5.10.1 2008-09-01 JSON::RPC::Server::Daemon(3pm)