Tuesday, May 25, 2010

Patch Released for IBM AIX rpc.pcnfsd Integer Overflow Vulnerability

IBM has released a patch for the AIX rpc.pcnfsd integer overflow vulnerability. According to IBM, the vulnerability in the rpc.pcnfsd service could potentially be exploited to execute arbitrary code and this could be done by sending malicious RPC requests over the wire.

UPDATE 28 May 2010 - This bug also affects HP-UX and SGI IRIX.

References:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088

http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc

http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02115103



email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

No comments:

Post a Comment