Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2002-0391
Last Modified: 07 Mar 2011 09:08:10
Published: 12 Aug 2002 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0391

Summary

Integer overflow in the xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC, including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Vulnerable Systems

Operating System

  • FreeBSD 4.6.1

  • OpenBSD 3.1

  • Sun Solaris 2.5.1

  • Sun Solaris 2.6

  • Sun Solaris 7.0

  • Sun Solaris 8.0

  • Sun Solaris 9.0


References

CERT - CA-2002-25

CERT-VN - VU#192995

ISS - 20020731 Remote Buffer Overflow Vulnerability in Sun RPC

SGI - 20020801-01-P

BID - 5356

REDHAT - RHSA-2003:212

REDHAT - RHSA-2003:168

REDHAT - RHSA-2002:173

REDHAT - RHSA-2002:167

MS - MS02-057

MANDRAKE - MDKSA-2002:057

ENGARDE - ESA-20021003-021

XF - sunrpc-xdr-array-bo(9170)

DEBIAN - DSA-333

DEBIAN - DSA-149

DEBIAN - DSA-146

DEBIAN - DSA-143

DEBIAN - DSA-142

REDHAT - RHSA-2002:172

REDHAT - RHSA-2002:166

BUGTRAQ - 20020802 kerberos rpc xdr_array

HP - HPSBTL0208-061

BUGTRAQ - 20020909 GLSA: glibc

BUGTRAQ - 20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin

FREEBSD - FreeBSD-SA-02:34.rpc

BUGTRAQ - 20020801 RPC analysis

CONECTIVA - CLA-2002:535

CONECTIVA - CLA-2002:515

HP - HPSBUX0209-215

BUGTRAQ - 20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers

AIXAPAR - IY34194

NETBSD - NetBSD-SA2002-011

CALDERA - CSSA-2002-055.0

SGI - 20020801-01-A

Related Patches

HP-UX PHKL_43822 11.11 SPP fragmentation; AIO; EVP; ufalloc; dup2 race

HP-UX PHKL_43823 11.11 select_enh tunable; Buffer Cache Perf


Last Updated: 27 May 2016 10:36:58