CVE-2002-1228
CVSS5.0
发布时间 :2002-10-28 00:00:00
修订时间 :2016-10-17 22:24:58
NMCOS    

[原文]Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.


[CNNVD]Solaris NFS锁定远程服务拒绝漏洞(CNNVD-200210-311)

        Solaris 2.5.1至Solaris 9版本的NFS存在未知漏洞。NFS客户端可以通过杀死锁定守护进程导致服务拒绝。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:sun:solaris:2.5
cpe:/o:sun:solaris:2.5.1
cpe:/o:sun:solaris:7.0
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:9.0::sparc

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1228
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1228
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-311
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=103487058823193&w=2
(UNKNOWN)  BUGTRAQ  20021017 NFS Denial of Service advisory from Sun
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47815-1
(UNKNOWN)  SUNALERT  47815
http://www.iss.net/security_center/static/10394.php
(VENDOR_ADVISORY)  XF  solaris-nfs-lockd-dos(10394)
http://www.kb.cert.org/vuls/id/855635
(UNKNOWN)  CERT-VN  VU#855635
http://www.securityfocus.com/bid/5986
(UNKNOWN)  BID  5986

- 漏洞信息

Solaris NFS锁定远程服务拒绝漏洞
中危 未知
2002-10-28 00:00:00 2005-10-20 00:00:00
远程  
        Solaris 2.5.1至Solaris 9版本的NFS存在未知漏洞。NFS客户端可以通过杀死锁定守护进程导致服务拒绝。

- 公告与补丁

        Solaris has released patches addressing this issue. It should be noted that a final resolution for Solaris 2.5.1 is pending completion.
        Patches:
        Sun Solaris 8_x86
        
        Sun Solaris 8
        
        Sun Solaris 9
        
        Sun Solaris 2.5.1 _x86
        
        Sun Solaris 2.5.1
        
        Sun Solaris 7.0
        
        Sun Solaris 7.0 _x86
        

- 漏洞信息

8709
Solaris NFS Client lockd Daemon DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-10-16 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Solaris NFS lockd Remote Denial of Service Vulnerability
Unknown 5986
Yes No
2002-10-17 12:00:00 2009-07-11 06:06:00
Vulnerability announced in a Sun advisory.

- 受影响的程序版本

Sun Solaris 2.5.1 _x86
Sun Solaris 2.5.1
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.5

- 漏洞讨论

A denial of service vulnerability has been reported in the lockd daemon on Solaris.

It has been reported that it is possible for a remote attacker to crash the Solaris lockd daemon, resulting in a denial of service. If this situation were to occur, valid NFS connections would no longer be established by the target server.

Precise technical details regarding the source of this issue are not yet known. This bid will be updated as more information becomes available.

It should be noted that, although not yet confirmed, this may be similar to the vulnerability described in bid 1372.

- 漏洞利用

There are reports of a publicly available tool to exploit this vulnerability.

- 解决方案

Solaris has released patches addressing this issue. It should be noted that a final resolution for Solaris 2.5.1 is pending completion.

Patches:


Sun Solaris 7.0_x86

Sun Solaris 7.0

Sun Solaris 8_x86

Sun Solaris 8_sparc

Sun Solaris 9

Sun Solaris 2.5.1 _x86

Sun Solaris 2.5.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站