rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Solaris | Sun | 2.5.1 (including) | 2.5.1 (including) |
Solaris | Sun | 2.6 (including) | 2.6 (including) |
Solaris | Sun | 7.0 (including) | 7.0 (including) |
Solaris | Sun | 8.0 (including) | 8.0 (including) |
Solaris | Sun | 9.0 (including) | 9.0 (including) |
Sunos | Sun | - (including) | - (including) |
Sunos | Sun | 5.5.1 (including) | 5.5.1 (including) |
Sunos | Sun | 5.7 (including) | 5.7 (including) |
Sunos | Sun | 5.8 (including) | 5.8 (including) |