Sun RPC XDR xdrmem_getbytes Function Remote Overflow

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.

Synopsis :

Arbitrary code may be run on the remote server.

Description :

The RPC library has an integer overflow in the function xdrmem_getbytes.

An attacker may use this flaw to execute arbitrary code on this host
with the privileges your RPC programs are running with (typically root),
by sending a specially crafted request to them.

Note that this issue affects Solaris, as well as Red Hat Enterprise
Linux and Fedora.

Nessus used this flaw to crash the portmapper.

Solution :

Contact the vendor for a patch.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: RPC

Nessus Plugin ID: 11420

Bugtraq ID: 7123

CVE ID: CVE-2003-0028