Multiple Vendor In.Rarpd Multiple...

Published: 2002-05-22
Revised: 2025-04-13

Some implementations of rarpd are vulnerable to buffer overflow conditions and format string issues. These problems have been reported in the in.rarpd binaries shipped with versions of Sun Solaris and Caldera Open UNIX and UnixWare. It has been reported that there appear to be three remotely exploitable buffer overflow conditions, two locally exploitable vulnerabilities, and two format string vulnerabilities. in.rarpd does not perform proper string formatting when writing entries to syslog. Therefore, it is possible for a remote malicious attacker to craft a request that will result in code execution on the vulnerable system. Sun Microsystems has reported that these conditions are not exploitable, as data passed to the offending routines is not externally supplied. Furthermore, attackers must be on the local subnet to exploit this vulnerability, as ARP packets do not have IP headers and are not routable. Administrators are still advised to disable or block access to the service if it...

No exploit or PoC is currently available.
There are currently 0 affected product entries.