CVE-2008-4619 - Vulnerability Details - OpenCVE

The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Sunos

Configuration 1 [-]

cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/32475
http://securityreason.com/securityalert/4440
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200412-1
http://www.openwall.com/lists/oss-security/2008/10/28/2
http://www.openwall.com/lists/oss-security/2008/10/29/1
http://www.openwall.com/lists/oss-security/2008/10/31/2
http://www.vupen.com/english/advisories/2008/2945
https://exchange.xforce.ibmcloud.com/vulnerabilities/46057
https://nvd.nist.gov/vuln/detail/CVE-2008-4619
https://www.cve.org/CVERecord?id=CVE-2008-4619
https://www.exploit-db.com/exploits/6775
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00819.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-20T22:00:00

Updated: 2024-08-07T10:24:20.665Z

Reserved: 2008-10-20T00:00:00

Link: CVE-2008-4619

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-10-21T00:10:54.007

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4619

Redhat

Severity : Important

Publid Date: 2008-10-17T00:00:00Z

Links: CVE-2008-4619 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-2945", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2945"}, {"name": "[oss-security] 20081029 Re: CVE-2008-4619 / milw0rm6775", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/29/1"}, {"name": "4440", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4440"}, {"name": "6775", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6775"}, {"name": "[oss-security] 20081031 Re: CVE-2008-4619 / milw0rm6775", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/31/2"}, {"name": "[oss-security] 20081028 CVE-2008-4619 / milw0rm6775", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/28/2"}, {"name": "32475", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32475"}, {"name": "200412", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200412-1"}, {"name": "sunsolaris-rpc-dos(46057)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46057"}, {"name": "FEDORA-2008-9204", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00819.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4619", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-2945", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2945"}, {"name": "[oss-security] 20081029 Re: CVE-2008-4619 / milw0rm6775", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/29/1"}, {"name": "4440", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4440"}, {"name": "6775", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6775"}, {"name": "[oss-security] 20081031 Re: CVE-2008-4619 / milw0rm6775", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/31/2"}, {"name": "[oss-security] 20081028 CVE-2008-4619 / milw0rm6775", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/28/2"}, {"name": "32475", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32475"}, {"name": "200412", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200412-1"}, {"name": "sunsolaris-rpc-dos(46057)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46057"}, {"name": "FEDORA-2008-9204", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00819.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:24:20.665Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-2945", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2945"}, {"name": "[oss-security] 20081029 Re: CVE-2008-4619 / milw0rm6775", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/29/1"}, {"name": "4440", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4440"}, {"name": "6775", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6775"}, {"name": "[oss-security] 20081031 Re: CVE-2008-4619 / milw0rm6775", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/31/2"}, {"name": "[oss-security] 20081028 CVE-2008-4619 / milw0rm6775", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/28/2"}, {"name": "32475", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32475"}, {"name": "200412", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200412-1"}, {"name": "sunsolaris-rpc-dos(46057)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46057"}, {"name": "FEDORA-2008-9204", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00819.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4619", "datePublished": "2008-10-20T22:00:00", "dateReserved": "2008-10-20T00:00:00", "dateUpdated": "2024-08-07T10:24:20.665Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "A1E585DC-FC74-4BB0-96B7-C00B6DB610DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165."}, {"lang": "es", "value": "El subsistema RPC en Sun Solaris 9 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante una petici\u00f3n al procedimiento 8 especialmente construida, relacionada con la operaci\u00f3n XDR_DECODE y la funci\u00f3n taddr2uaddr."}], "id": "CVE-2008-4619", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-21T00:10:54.007", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32475"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4440"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200412-1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/28/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/29/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/31/2"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2945"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46057"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6775"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00819.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32475"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4440"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200412-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/28/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/29/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/31/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2945"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00819.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}