CVE-2003-0028

Description

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Affected products

• cray / unicos6.0e – 6.0e
• cray / unicos6.1 – 6.1
• cray / unicos7.0 – 7.0
• cray / unicos8.0 – 8.0
• cray / unicos8.3 – 8.3
• cray / unicos9.0 – 9.0
• cray / unicos9.0.2.5 – 9.0.2.5
• cray / unicos9.2 – 9.2
• cray / unicos9.2.4 – 9.2.4
• cray / unicos6.0 – 6.0
• FreeBSD / FreeBSD4.7 – 4.7
• FreeBSD / FreeBSD5.0 – 5.0
• FreeBSD / FreeBSD4.0 – 4.0
• FreeBSD / FreeBSD4.1 – 4.1
• FreeBSD / FreeBSD4.1.1 – 4.1.1
• FreeBSD / FreeBSD4.1.1 – 4.1.1
• FreeBSD / FreeBSD4.1.1 – 4.1.1
• FreeBSD / FreeBSD4.2 – 4.2
• FreeBSD / FreeBSD4.2 – 4.2
• FreeBSD / FreeBSD4.3 – 4.3
• FreeBSD / FreeBSD4.3 – 4.3
• FreeBSD / FreeBSD4.3 – 4.3
• FreeBSD / FreeBSD4.4 – 4.4
• FreeBSD / FreeBSD4.4 – 4.4
• FreeBSD / FreeBSD4.5 – 4.5
• FreeBSD / FreeBSD4.5 – 4.5
• FreeBSD / FreeBSD4.5 – 4.5
• FreeBSD / FreeBSD4.6 – 4.6
• FreeBSD / FreeBSD4.6 – 4.6
• FreeBSD / FreeBSD4.6 – 4.6
• FreeBSD / FreeBSD4.6.2 – 4.6.2
• FreeBSD / FreeBSD4.7 – 4.7
• FreeBSD / FreeBSD4.7 – 4.7
• gnu / glibc2.3 – 2.3
• gnu / glibc2.1.1 – 2.1.1
• gnu / glibc2.1.2 – 2.1.2
• gnu / glibc2.1.3 – 2.1.3
• gnu / glibc2.2 – 2.2
• gnu / glibc2.2.1 – 2.2.1
• gnu / glibc2.2.2 – 2.2.2
• gnu / glibc2.2.3 – 2.2.3
• gnu / glibc2.2.4 – 2.2.4
• gnu / glibc2.2.5 – 2.2.5
• gnu / glibc2.3.1 – 2.3.1
• gnu / glibc2.3.2 – 2.3.2
• gnu / glibc2.1 – 2.1
• HP / hp-ux10.24 – 10.24
• HP / hp-ux10.20 – 10.20
• HP / hp-ux11.22 – 11.22
• HP / hp-ux11.20 – 11.20
• HP / hp-ux11.11 – 11.11
• HP / hp-ux11.04 – 11.04
• HP / hp-ux11.00 – 11.00
• HP / hp-ux_series_70010.20 – 10.20
• HP / hp-ux_series_80010.20 – 10.20
• ibm / aix4.3.3 – 4.3.3
• ibm / aix5.1 – 5.1
• ibm / aix5.2 – 5.2
• MIT / Kerberos 51.2 – 1.2
• MIT / Kerberos 51.2.7 – 1.2.7
• MIT / Kerberos 51.2.6 – 1.2.6
• MIT / Kerberos 51.2.5 – 1.2.5
• MIT / Kerberos 51.2.4 – 1.2.4
• MIT / Kerberos 51.2.3 – 1.2.3
• MIT / Kerberos 51.2.2 – 1.2.2
• MIT / Kerberos 51.2.1 – 1.2.1
• openafs / openafs1.2.2a – 1.2.2a
• openafs / openafs1.2.2 – 1.2.2
• openafs / openafs1.2.1 – 1.2.1
• openafs / openafs1.2 – 1.2
• openafs / openafs1.1.1a – 1.1.1a
• openafs / openafs1.1.1 – 1.1.1
• openafs / openafs1.1 – 1.1
• openafs / openafs1.0.4a – 1.0.4a
• openafs / openafs1.0.4 – 1.0.4
• openafs / openafs1.0.3 – 1.0.3
• openafs / openafs1.0.2 – 1.0.2
• openafs / openafs1.0.1 – 1.0.1
• openafs / openafs1.0 – 1.0
• openafs / openafs1.3.2 – 1.3.2
• openafs / openafs1.3.1 – 1.3.1
• openafs / openafs1.3 – 1.3
• openafs / openafs1.2.6 – 1.2.6
• openafs / openafs1.2.5 – 1.2.5
• openafs / openafs1.2.4 – 1.2.4
• openafs / openafs1.2.3 – 1.2.3
• openafs / openafs1.2.2b – 1.2.2b
• OpenBSD / OpenBSD2.2 – 2.2
• OpenBSD / OpenBSD2.0 – 2.0
• OpenBSD / OpenBSD2.1 – 2.1
• OpenBSD / OpenBSD2.3 – 2.3
• OpenBSD / OpenBSD2.4 – 2.4
• OpenBSD / OpenBSD2.5 – 2.5
• OpenBSD / OpenBSD2.6 – 2.6
• OpenBSD / OpenBSD2.7 – 2.7
• OpenBSD / OpenBSD2.8 – 2.8
• OpenBSD / OpenBSD2.9 – 2.9
• OpenBSD / OpenBSD3.0 – 3.0
• OpenBSD / OpenBSD3.1 – 3.1
• OpenBSD / OpenBSD3.2 – 3.2
• sgi / irix6.5.15m – 6.5.15m
• sgi / irix6.5.15 – 6.5.15
• sgi / irix6.5.14m – 6.5.14m
• sgi / irix6.5.14f – 6.5.14f
• sgi / irix6.5.14 – 6.5.14
• sgi / irix6.5.13m – 6.5.13m
• sgi / irix6.5.13f – 6.5.13f
• sgi / irix6.5.13 – 6.5.13
• sgi / irix6.5.12m – 6.5.12m
• sgi / irix6.5.12f – 6.5.12f
• sgi / irix6.5.12 – 6.5.12
• sgi / irix6.5.11m – 6.5.11m
• sgi / irix6.5.11f – 6.5.11f
• sgi / irix6.5.11 – 6.5.11
• sgi / irix6.5.10m – 6.5.10m
• sgi / irix6.5.10f – 6.5.10f
• sgi / irix6.5.10 – 6.5.10
• sgi / irix6.5.9m – 6.5.9m
• sgi / irix6.5.9f – 6.5.9f
• sgi / irix6.5.9 – 6.5.9
• sgi / irix6.5.8m – 6.5.8m
• sgi / irix6.5.8f – 6.5.8f
• sgi / irix6.5.8 – 6.5.8
• sgi / irix6.5.7m – 6.5.7m
• sgi / irix6.5.7f – 6.5.7f
• sgi / irix6.5.7 – 6.5.7
• sgi / irix6.5.6m – 6.5.6m
• sgi / irix6.5.6f – 6.5.6f
• sgi / irix6.5.6 – 6.5.6
• sgi / irix6.5.5m – 6.5.5m
• sgi / irix6.5.5f – 6.5.5f
• sgi / irix6.5.5 – 6.5.5
• sgi / irix6.5.4m – 6.5.4m
• sgi / irix6.5.4f – 6.5.4f
• sgi / irix6.5.4 – 6.5.4
• sgi / irix6.5.3m – 6.5.3m
• sgi / irix6.5.3f – 6.5.3f
• sgi / irix6.5.3 – 6.5.3
• sgi / irix6.5.2m – 6.5.2m
• sgi / irix6.5.2f – 6.5.2f
• sgi / irix6.5.2 – 6.5.2
• sgi / irix6.5.1 – 6.5.1
• sgi / irix6.5.17f – 6.5.17f
• sgi / irix6.5.17m – 6.5.17m
• sgi / irix6.5.18 – 6.5.18
• sgi / irix6.5.18f – 6.5.18f
• sgi / irix6.5.18m – 6.5.18m
• sgi / irix6.5.19 – 6.5.19
• sgi / irix6.5.20 – 6.5.20
• sgi / irix6.5.16f – 6.5.16f
• sgi / irix6.5.16 – 6.5.16
• sgi / irix6.5.15f – 6.5.15f
• sgi / irix6.5 – 6.5
• sgi / irix6.5.16m – 6.5.16m
• sgi / irix6.5.17 – 6.5.17
• sun / solaris8.0 – 8.0
• sun / solaris9.0 – 9.0
• sun / solaris9.0 – 9.0
• sun / solaris2.5.1 – 2.5.1
• sun / solaris2.6 – 2.6
• sun / solaris7.0 – 7.0
• sun / sunos
• sun / sunos5.8 – 5.8
• sun / sunos5.5.1 – 5.5.1
• sun / sunos5.7 – 5.7

References

• VENDOR_ADVISORYhttp://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
• MISChttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:037
• MISChttp://www.redhat.com/support/errata/RHSA-2003-052.html
• VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2003-10.html
• MISChttps://security.netapp.com/advisory/ntap-20150122-0002/
• VENDOR_ADVISORYhttp://www.debian.org/security/2003/dsa-282
• MISChttp://www.securityfocus.com/archive/1/316960/30/25250/threaded
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2003_027_glibc.html
• MISChttp://www.securityfocus.com/archive/1/315638/30/25430/threaded
• MISChttp://www.redhat.com/support/errata/RHSA-2003-091.html
• VENDOR_ADVISORYhttp://www.eeye.com/html/Research/Advisories/AD20030318.html
• MISChttp://www.kb.cert.org/vuls/id/516825
• MAILING_LISThttp://marc.info/?l=bugtraq&m=104860855114117&w=2
• VENDOR_ADVISORYftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
• MAILING_LISThttp://marc.info/?l=bugtraq&m=104878237121402&w=2
• MISChttp://www.securityfocus.com/archive/1/316931/30/25250/threaded
• MISChttp://www.redhat.com/support/errata/RHSA-2003-051.html
• MAILING_LISThttp://marc.info/?l=bugtraq&m=104810574423662&w=2
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
• VENDOR_ADVISORYhttp://www.debian.org/security/2003/dsa-266
• MISChttp://www.redhat.com/support/errata/RHSA-2003-089.html
• MAILING_LISThttp://marc.info/?l=bugtraq&m=104811415301340&w=2
• MAILING_LISThttp://marc.info/?l=bugtraq&m=105362148313082&w=2
• VENDOR_ADVISORYhttp://www.debian.org/security/2003/dsa-272