CVE-2008-4619

Sun Solaris 9 - Denial of Service via RPC XDR_DECODE Operation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4619. PoCs published by Federico L. Bossi Bonin.

AI-analyzed exploit summary This exploit triggers a segmentation fault in Solaris 9's `taddr2uaddr()` function via a malformed XDR-encoded RPC call, causing a remote denial-of-service (DoS). The PoC sends a crafted RPC request to the portmapper service (program 100000, version 4) with an empty string argument, leading to a crash in `__inet_taddr2uaddr()`.

Description

The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Federico L. Bossi Bonin · cdossolaris

https://www.exploit-db.com/exploits/6775

View Code ZIP pw:eip

This exploit triggers a segmentation fault in Solaris 9's `taddr2uaddr()` function via a malformed XDR-encoded RPC call, causing a remote denial-of-service (DoS). The PoC sends a crafted RPC request to the portmapper service (program 100000, version 4) with an empty string argument, leading to a crash in `__inet_taddr2uaddr()`.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Solaris 9 (libnsl.so.1)

No auth needed

Prerequisites: Network access to the target's RPC portmapper service (TCP port 111)

MITRE ATT&CK