Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0165 — Solaris vulnerability

7 documents6 sources

Severity

7.8HIGHNVD

EPSS

10.5%

top 6.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedJan 10

Latest updateMay 1

Description

Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDsun/solaris9.0

▶NVDsun/sunos5.8

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-98mm-wqhf-234c: Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests tha↗2022-05-01

▶

CVEList

CVE-2008-4619: The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program↗2008-10-20

▶

CVEList

CVE-2007-0165: Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests tha↗2007-01-10

▶

💥Exploits & PoCs

Exploit-DB

Sun Solaris 9 - RPC Request Denial of Service↗2007-01-09

▶

📋Vendor Advisories

Red Hat

libtirpc: rpcbind DoS in the taddr2uaddr XDR_DECODE↗2008-10-17

▶

💬Community

Bugzilla

CVE-2008-4619 libtirpc: rpcbind DoS in the taddr2uaddr XDR_DECODE↗2008-10-22

▶