In a security advisory the US-government funded Computer Emergency Response Team/Coordination Center (CERT/CC) at Carnegie Mellon University recommended that users disable the rwall Unix (remote wall) utility.
CERT recommended that users disable rpc.rwalld in the configuration file "inetd.conf" as a temporary measure until Sun releases a security patch.
Hackers can potentially exploit format string vulnerability in remote wall requests in order to execute arbitrary code in Solaris The rwall utility listens for "wall" requests, which are used to send messages to terminals using a time-sharing system. CERT Advisory CA-2002-10 warns that it contains a format string vulnerability that could permit a hacker to get into the system by executing code with the privileges of the wall daemon, usually root.
By exhausting system resources, a hacker can cause the rwall utility to generate an error message; the format string vulnerability is in the code that displays the error message.
CERT said the problem appears to be limited to Sun's Solaris versions 2.5.1, 2.6, 7, and 8 of the Unix operating system. Other Unix systems are unaffected.
The CERT/CC advisory can be found at www.cert.org/advisories/CA-2002-10.html.