Mandrake Linux Security Advisory : glibc (MDKSA-2003:037)

High Nessus Plugin ID 14021


The remote Mandrake Linux host is missing one or more security updates.


An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.

The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages.


Update the affected packages.

Plugin Details

Severity: High

ID: 14021

File Name: mandrake_MDKSA-2003-037.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2004/07/31

Modified: 2014/04/15

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:glibc, p-cpe:/a:mandriva:linux:glibc-devel, p-cpe:/a:mandriva:linux:glibc-doc, p-cpe:/a:mandriva:linux:glibc-doc-pdf, p-cpe:/a:mandriva:linux:glibc-i18ndata, p-cpe:/a:mandriva:linux:glibc-profile, p-cpe:/a:mandriva:linux:glibc-static-devel, p-cpe:/a:mandriva:linux:glibc-utils, p-cpe:/a:mandriva:linux:ldconfig, p-cpe:/a:mandriva:linux:nscd, p-cpe:/a:mandriva:linux:timezone, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/03/25

Reference Information

CVE: CVE-2003-0028

MDKSA: 2003:037