The SunOS Remote Procedure Call (RCP) vulnerability allows an attacker to execute arbitrary commands as root on a SunOS 4.0.x system by sending a specially crafted RPC request from a trusted host. This vulnerability has significant implications for the security of systems running this version of SunOS, potentially leading to unauthorized access and data breaches.
You're affected if you use SunOS 4.0.x. Check with:
grep "sunrpc" /etc/passwd
Note: This is an older operating system, so it's likely that most systems are no longer running this version.
Patch: Download the patch from http://www.cert.org/advisories/CA-1989-07.html.
- Immediate mitigations:
- Restrict network access to your SunOS instance (firewall it from the public internet)
- Audit RPC requests for suspicious activity patterns