The rpc.pwdauthd daemon in SunOS 4.1.1 and earlier is a remote procedure call (RPC) service that allows authorized users to access system resources over the network. However, this vulnerability allows remote attackers to obtain sensitive system information by exploiting weaknesses in the RPC authentication mechanism.
You're affected if you use SunOS 4.1.1 or earlier. Check with: grep "rpc.pwdauthd" /var/adm/errlog (Note: This command may not work on all systems, and it's recommended to check the system logs for any error messages related to rpc.pwdauthd.)
This is SunOS 4.1.1, NOT Solaris or other Unix variants.
To fix this vulnerability, you can upgrade to a later version of SunOS that includes a patched rpc.pwdauthd daemon. Unfortunately, no public patch link was provided in the advisory.
Immediate mitigations:
- Disable the rpc.pwdauthd service (if possible)
- Restrict network access to your system
- Monitor for suspicious RPC activity