CVE-2003-0028

critical

Description

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

References

https://security.netapp.com/advisory/ntap-20150122-0002/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230

http://www.securityfocus.com/archive/1/316960/30/25250/threaded

http://www.securityfocus.com/archive/1/316931/30/25250/threaded

http://www.securityfocus.com/archive/1/315638/30/25430/threaded

http://www.redhat.com/support/errata/RHSA-2003-091.html

http://www.redhat.com/support/errata/RHSA-2003-089.html

http://www.redhat.com/support/errata/RHSA-2003-052.html

http://www.redhat.com/support/errata/RHSA-2003-051.html

http://www.novell.com/linux/security/advisories/2003_027_glibc.html

http://www.mandriva.com/security/advisories?name=MDKSA-2003:037

http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html

http://www.kb.cert.org/vuls/id/516825

http://www.debian.org/security/2003/dsa-282

http://www.debian.org/security/2003/dsa-272

http://www.debian.org/security/2003/dsa-266

http://www.cert.org/advisories/CA-2003-10.html

http://marc.info/?l=bugtraq&m=105362148313082&w=2

http://marc.info/?l=bugtraq&m=104878237121402&w=2

http://marc.info/?l=bugtraq&m=104860855114117&w=2

http://marc.info/?l=bugtraq&m=104811415301340&w=2

http://marc.info/?l=bugtraq&m=104810574423662&w=2

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html

Details

Source: Mitre, NVD

Published: 2003-03-25

Updated: 2020-01-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical