T-002: Vulnerability in Host INtegration Server RPC Service
A remote code execution vulnerability exists in the SNA Remote Procedure Call (RPC) service for Host Integration Server. An attacker could exploit the vulnerability by constructing a specially crafted RPC request. The risk is HIGH. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Hello!
I have a Linux nfs server (called server100 below) with a export nfs. My problem is that the Solaris client (called client100 below) doesn't seems to like it. In the Solaris syslog I got following messages (and after a while the solaris client behave liked its hanged/to buzy). Also see... (3 Replies)
rpc_intro(1m)rpc_intro(1m)NAME
rpc_intro - Introduction to DCE RPC daemon and RPC control program commands
DESCRIPTION
DCE RPC provides two administrative facilities, the RPC daemon and the RPC control program. These facilities are superceded by the DCE
Host daemon (dced) and the DCE control program (dcecp) for OSF DCE version 1.1. The RPC daemon is a process that provides the Endpoint Map
Service, which maintains the local endpoint map for local RPC servers and looks up endpoints for RPC clients. An endpoint is the address
of a specific instance of a server executing in a particular address space on a given system (a server instance). Each endpoint can be used
on a system by only one server at a time.
An endpoint map is a database where servers register their binding information, including endpoints, for each of their RPC interfaces and
the associated RPC objects. Each combination of binding information, interface identifier, and object UUID uses a distinct element in the
local endoint map.
The rpcd command starts the RPC daemon. The control program provides a set of commands for accessing the operations of the RPC name ser-
vice interface (NSI). For managing endpoint maps, the control program supports showing endpoint map elements and removing any set of map
elements from the local endpoint map or from any remote endpoint map.
The rpccp command starts the RPC control program (RPCCP).
EXIT VALUES
The RPC control program reports DCE error messages on the command line. If the command executes successfully, the internal value returned
is 0 (zero); otherwise, the value is -1 (negative one).
RELATED INFORMATION
Commands: dced, dcecp, rpcd(1m), rpccp(1m)
Books: , ,
rpc_intro(1m)