rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Solaris | Sun | 2.5.1 | 2.5.1 |
Solaris | Sun | 2.6 | 2.6 |
Solaris | Sun | 7.0 | 7.0 |
Solaris | Sun | 8.0 | 8.0 |
Solaris | Sun | 9.0 | 9.0 |
Sunos | Sun | - | - |
Sunos | Sun | 5.5.1 | 5.5.1 |
Sunos | Sun | 5.7 | 5.7 |
Sunos | Sun | 5.8 | 5.8 |