Description
Integer overflow in the xdr_array function of RPC servers on operating systems that use libc, glibc, or other code based on SunRPC (including dietlibc) allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- FreeBSD / FreeBSD 4.6.1
- Microsoft / windows_2000
- Microsoft / windows_nt 4.0
- Microsoft / windows_xp
- OpenBSD / OpenBSD 3.1
- sun / solaris 9.0
- sun / solaris 2.6
- sun / sunos 5.5.1
- sun / sunos 5.7
- sun / sunos 5.8
References
- MISC: http://www.iss.net/security_center/static/9170.php
- VENDOR_ADVISORY: ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
- VENDOR_ADVISORY: http://www.cert.org/advisories/CA-2002-25.html
- VENDOR_ADVISORY: http://online.securityfocus.com/advisories/4402
- MAILING_LIST: http://marc.info/?l=bugtraq&m=103158632831416&w=2
- VENDOR_ADVISORY: http://www.debian.org/security/2002/dsa-146
- MISC: http://rhn.redhat.com/errata/RHSA-2002-166.html
- MISC: http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
- MISC: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
- VENDOR_ADVISORY: http://www.debian.org/security/2002/dsa-143
- MISC: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
- VENDOR_ADVISORY: ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P
- MISC: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
- MISC: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
- MISC: http://www.redhat.com/support/errata/RHSA-2003-212.html
- MISC: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
- VENDOR_ADVISORY: http://www.debian.org/security/2002/dsa-142
- VENDOR_ADVISORY: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
- MISC: http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
- MISC: http://www.redhat.com/support/errata/RHSA-2002-167.html
- MISC: http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
- MAILING_LIST: http://marc.info/?l=bugtraq&m=102821928418261&w=2
- MISC: http://www.redhat.com/support/errata/RHSA-2002-173.html
- MISC: http://www.securityfocus.com/bid/5356
- MISC: http://online.securityfocus.com/archive/1/285740
- MAILING_LIST: http://marc.info/?l=bugtraq&m=102813809232532&w=2
- MAILING_LIST: http://marc.info/?l=bugtraq&m=102821785316087&w=2
- MISC: http://www.kb.cert.org/vuls/id/192995
- MISC: http://rhn.redhat.com/errata/RHSA-2002-172.html
- MISC: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728
- MISC: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42
- VENDOR_ADVISORY: http://www.linuxsecurity.com/advisories/other_advisory-2399.html
- MISC: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9
- VENDOR_ADVISORY: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
- VENDOR_ADVISORY: http://www.debian.org/security/2002/dsa-149
- MAILING_LIST: http://marc.info/?l=bugtraq&m=102831443208382&w=2
- VENDOR_ADVISORY: http://www.debian.org/security/2003/dsa-333
- MISC: http://www.redhat.com/support/errata/RHSA-2003-168.html