A recent security scan reported a vulnerability with our Cisco MDS 9124 switches. BIOS: version 1.0.16 kickstart: version 4.2(3) system: version 4.2(3). Is this a real vulnerability to be concerned about for the MDS 9124 switch? If it is a problem, was it addressed in later software versions for the switch?
Thanks,
Ray
The rpc.statd program, which is part of the nfs-utils packages, is distributed with a number of popular Linux distributions. The rpc.statd server is an RPC server that implements the Network Status and Monitor RPC protocol. It's a component of the Network File System (NFS) architecture.
rpc.statd contains a format string vulnerability when calling the syslog() function. This vulnerability allows remote users to execute code as root. The logging code in rpc.statd uses the syslog() function to pass user-supplied data as the format string. A malicious user can construct a format string that injects executable code into the process address space and overwrites a function's return address, forcing the program to execute the code.
rpc.statd requires root privileges for opening it's network socket, but fails to drop these privileges later on. Therefore, code injected by the malicious user will execute with root privileges.
Debian, Red Hat and Connectiva have all released advisories on this matter. Presumably, any Linux distribution that runs the statd process is vulnerable, unless already patched for the problem. The rpc.statd program, which is part of the nfs-utils packages, is distributed with a number of popular Linux distributions. The rpc.statd server is an RPC server that implements the Network Status and Monitor RPC protocol. It's a component of the Network File System (NFS) architecture.
rpc.statd contains a format string vulnerability when calling the syslog() function. This vulnerability allows remote users to execute code as root. The logging code in rpc.statd uses the syslog() function to pass user-supplied data as the format string. A malicious user can construct a format string that injects executable code into the process address space and overwrites a function's return address, forcing the program to execute the code.
rpc.statd requires root privileges for opening it's network socket, but fails to drop these privileges later on. Therefore, code injected by the malicious user will execute with root privileges.
Debian, Red Hat and Connectiva have all released advisories on this matter. Presumably, any Linux distribution that runs the statd process is vulnerable, unless already patched for the problem.