CVE-2002-0573 — Use of Externally-Controlled Format String in Solaris

CWE-134 — Use of Externally-Controlled Format String4 documents4 sources

Severity

7.5HIGHNVD

EPSS

47.4%

top 2.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedJul 3

Latest updateApr 30

Description

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/solaris2.6, 7.0, 8.0+2

▶NVDsun/sunos5.7, 5.8+1

Patches

Patch: online.securityfocus.com ↗Patch: www.cert.org ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-w2pc-9pgf-c47r: Format string vulnerability in RPC wall daemon (rpc↗2022-04-30

▶

CVEList

CVE-2002-0573: Format string vulnerability in RPC wall daemon (rpc↗2003-04-02

▶

📐Framework References

CWE

Use of Externally-Controlled Format String↗

▶