IBM has released a patch for the AIX rpc.pcnfsd integer overflow vulnerability. According to IBM, the vulnerability in the rpc.pcnfsd service could potentially be exploited to execute arbitrary code and this could be done by sending malicious RPC requests over the wire.
UPDATE 28 May 2010 - This bug also affects HP-UX and SGI IRIX.
References:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088
http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02115103
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment