Notified: April 15, 2002 Updated: May 02, 2002
Not Affected
Mac OS X does not contain rwall, and is not susceptible to the vulnerability described.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
BSD/OS does not include an affected daemon in any version.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
Compaq Tru64 is NOT vulnerable to this reported problem.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
Cray, Inc. is not vulnerable since the affected code is not included in the rwalld implementation used in Unicos and Unicos/mk.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: April 17, 2002
Not Affected
FreeBSD is not vulnerable to this problem.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: May 01, 2002
Not Affected
HP is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
IBM's AIX operating system, versions 4.3.x and 5.1L, is not susceptible to the vulnerability described.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: May 01, 2002
Not Affected
NetBSD has never been vulnerable to this problem.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: April 15, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 12, 2002 Updated: May 01, 2002
Affected
Sun confirms that there is a format string vulnerability in rpc.rwalld(1M) which affects Solaris 2.5.1, 2.6, 7 and 8. However, this issue relies on a combination of events, including the exhaustion of system resources, which are difficult to control by a remote user in order to be exploited. Disabling rpc.rwalld(1M) in inetd.conf(4) is the recommended workaround until patches are available. Sun is currently generating patches for this issue and will be releasing a Sun Security Bulletin once the patches are available. The bulletin will be available from: http://sunsolve.sun.com/security Sun patches are available from: http://sunsolve.sun.com/securitypatch
The vendor has not provided us with any further information regarding this vulnerability.
rpc.rwalld is installed by default on Solaris 6, 7, and 8.