The Unix daemon rpc.walld contains a flaw that may allow a malicious user to conduct social engineering attacks via spoofed messages. The issue is triggered when a user sends a message via the service, which checks to see if the message is being sent from a local or a remote user by examining whether stderr corresponds to a tty; if it does not, the program checks to see if the first five bytes of the message are "From:", and uses that string as the user from which the message will appear to have been sent. Thus, if a local user simply closes stderr and then sends their message, they can supply any username for the From: field, effectively allowing message spoofing that could result in a loss of integrity. If enough of these messages are sent in quick succession, a denial of service can be performed by filling users' screens and not allowing them to interact with the system.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: disable the rpc.walld service.