CVE-2003-0028

HIGH

Description

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (External Data Representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html

http://marc.info/?l=bugtraq&m=104810574423662&w=2

http://marc.info/?l=bugtraq&m=104811415301340&w=2

http://marc.info/?l=bugtraq&m=104860855114117&w=2

http://marc.info/?l=bugtraq&m=104878237121402&w=2

http://marc.info/?l=bugtraq&m=105362148313082&w=2

http://www.cert.org/advisories/CA-2003-10.html

http://www.debian.org/security/2003/dsa-266

http://www.debian.org/security/2003/dsa-272

http://www.debian.org/security/2003/dsa-282

http://www.eeye.com/html/Research/Advisories/AD20030318.html

http://www.kb.cert.org/vuls/id/516825

http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html

http://www.mandriva.com/security/advisories?name=MDKSA-2003:037

http://www.novell.com/linux/security/advisories/2003_027_glibc.html

http://www.redhat.com/support/errata/RHSA-2003-051.html

http://www.redhat.com/support/errata/RHSA-2003-052.html

http://www.redhat.com/support/errata/RHSA-2003-089.html

http://www.redhat.com/support/errata/RHSA-2003-091.html

http://www.securityfocus.com/archive/1/315638/30/25430/threaded

http://www.securityfocus.com/archive/1/316931/30/25250/threaded

http://www.securityfocus.com/archive/1/316960/30/25250/threaded

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230

https://security.netapp.com/advisory/ntap-20150122-0002/

Details

Source: MITRE

Published: 2003-03-25

Updated: 2020-01-21

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH