RHEL 2.1 : glibc (RHSA-2003:090)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated glibc packages are available to fix an integer overflow in the
XDR decoder.

The glibc package contains standard libraries which are used by
multiple programs on the system. Sun RPC is a remote procedure call
framework which allows clients to invoke procedures in a server
process over a network. XDR is a mechanism for encoding data
structures for use with RPC. NFS, NIS, and many other network services
are built upon Sun RPC. The XDR encoder/decoder provided with glibc,
derived from Sun's RPC implementation, was demonstrated to be
vulnerable to an integer overflow.

An integer overflow is present in the xdrmem_getbytes() function of
glibc 2.3.1 and earlier. Depending upon the application, this
vulnerability could cause buffer overflows and may be exploitable,
leading to arbitrary code execution.

All users should upgrade to these errata packages which contain
patches to the glibc libraries and, therefore, are not vulnerable to
these issues.

Red Hat would like to thank eEye Digital Security for alerting us to
this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0028.html
http://rhn.redhat.com/errata/RHSA-2003-090.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12377

CVE ID: CVE-2003-0028