Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2003-0028
Last Modified 07 Mar 2011 09:11:57
Published 25 Mar 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0028

Summary

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Vulnerable Systems

Operating System

  • Cray UNICOS 6.0

  • Cray UNICOS 6.0e

  • Cray UNICOS 6.1

  • Cray UNICOS 7.0

  • Cray UNICOS 8.0

  • Cray UNICOS 8.3

  • Cray UNICOS 9.0

  • Cray UNICOS 9.0.2.5

  • Cray UNICOS 9.2

  • Cray UNICOS 9.2.4

  • FreeBSD 4.0

  • FreeBSD 4.1

  • FreeBSD 4.1.1

  • FreeBSD 4.2

  • FreeBSD 4.3

  • FreeBSD 4.4

  • FreeBSD 4.5

  • FreeBSD 4.6

  • FreeBSD 4.6.2

  • FreeBSD 4.7

  • FreeBSD 5.0

  • HP-UX 10.20

  • HP-UX 10.24

  • HP-UX 11.00

  • HP-UX 11.04

  • HP-UX 11.11

  • HP-UX 11.20

  • HP-UX 11.22

  • HP-UX Series 700 10.20

  • HP-UX Series 800 10.20

  • IBM AIX 4.3.3

  • IBM AIX 5.1

  • IBM AIX 5.2

  • OpenBSD 2.0

  • OpenBSD 2.1

  • OpenBSD 2.2

  • OpenBSD 2.3

  • OpenBSD 2.4

  • OpenBSD 2.5

  • OpenBSD 2.6

  • OpenBSD 2.7

  • OpenBSD 2.8

  • OpenBSD 2.9

  • OpenBSD 3.0

  • OpenBSD 3.1

  • OpenBSD 3.2

  • SGI IRIX 6.5

  • SGI IRIX 6.5.1

  • SGI IRIX 6.5.10

  • SGI IRIX 6.5.10f

  • SGI IRIX 6.5.10m

  • SGI IRIX 6.5.11

  • SGI IRIX 6.5.11f

  • SGI IRIX 6.5.11m

  • SGI IRIX 6.5.12

  • SGI IRIX 6.5.12f

  • SGI IRIX 6.5.12m

  • SGI IRIX 6.5.13

  • SGI IRIX 6.5.13f

  • SGI IRIX 6.5.13m

  • SGI IRIX 6.5.14

  • SGI IRIX 6.5.14f

  • SGI IRIX 6.5.14m

  • SGI IRIX 6.5.15

  • SGI IRIX 6.5.15f

  • SGI IRIX 6.5.15m

  • SGI IRIX 6.5.16

  • SGI IRIX 6.5.16f

  • SGI IRIX 6.5.16m

  • SGI IRIX 6.5.17

  • SGI IRIX 6.5.17f

  • SGI IRIX 6.5.17m

  • SGI IRIX 6.5.18

  • SGI IRIX 6.5.18f

  • SGI IRIX 6.5.18m

  • SGI IRIX 6.5.19

  • SGI IRIX 6.5.2

  • SGI IRIX 6.5.20

  • SGI IRIX 6.5.2f

  • SGI IRIX 6.5.2m

  • SGI IRIX 6.5.3

  • SGI IRIX 6.5.3f

  • SGI IRIX 6.5.3m

  • SGI IRIX 6.5.4

  • SGI IRIX 6.5.4f

  • SGI IRIX 6.5.4m

  • SGI IRIX 6.5.5

  • SGI IRIX 6.5.5f

  • SGI IRIX 6.5.5m

  • SGI IRIX 6.5.6

  • SGI IRIX 6.5.6f

  • SGI IRIX 6.5.6m

  • SGI IRIX 6.5.7

  • SGI IRIX 6.5.7f

  • SGI IRIX 6.5.7m

  • SGI IRIX 6.5.8

  • SGI IRIX 6.5.8f

  • SGI IRIX 6.5.8m

  • SGI IRIX 6.5.9

  • SGI IRIX 6.5.9f

  • SGI IRIX 6.5.9m

  • Sun Solaris 2.5.1

  • Sun Solaris 2.6

  • Sun Solaris 7.0

  • Sun Solaris 8.0

  • Sun Solaris 9.0

Application

  • GNU glibc 2.1

  • GNU glibc 2.1.1

  • GNU glibc 2.1.2

  • GNU glibc 2.1.3

  • GNU glibc 2.2

  • GNU glibc 2.2.1

  • GNU glibc 2.2.2

  • GNU glibc 2.2.3

  • GNU glibc 2.2.4

  • GNU glibc 2.2.5

  • GNU glibc 2.3

  • GNU glibc 2.3.1

  • GNU glibc 2.3.2

  • MIT Kerberos 5-1.2

  • MIT Kerberos 5-1.2.1

  • MIT Kerberos 5-1.2.2

  • MIT Kerberos 5-1.2.3

  • MIT Kerberos 5-1.2.4

  • MIT Kerberos 5-1.2.5

  • MIT Kerberos 5-1.2.6

  • MIT Kerberos 5-1.2.7

  • OpenAFS 1.0

  • OpenAFS 1.0.1

  • OpenAFS 1.0.2

  • OpenAFS 1.0.3

  • OpenAFS 1.0.4

  • OpenAFS 1.0.4a

  • OpenAFS 1.1

  • OpenAFS 1.1.1

  • OpenAFS 1.1.1a

  • OpenAFS 1.2

  • OpenAFS 1.2.1

  • OpenAFS 1.2.2

  • OpenAFS 1.2.2a

  • OpenAFS 1.2.2b

  • OpenAFS 1.2.3

  • OpenAFS 1.2.4

  • OpenAFS 1.2.5

  • OpenAFS 1.2.6

  • OpenAFS 1.3

  • OpenAFS 1.3.1

  • OpenAFS 1.3.2


References

CERT - CA-2003-10

CERT-VN - VU#516825

BUGTRAQ - 20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)

REDHAT - RHSA-2003:091

REDHAT - RHSA-2003:089

REDHAT - RHSA-2003:052

REDHAT - RHSA-2003:051

SUSE - SuSE-SA:2003:027

ENGARDE - ESA-20030321-010

EEYE - AD20030318

DEBIAN - DSA-282

DEBIAN - DSA-272

DEBIAN - DSA-266

TRUSTIX - 2003-0014

BUGTRAQ - 20030325 GLSA: glibc (200303-22)

BUGTRAQ - 20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes

BUGTRAQ - 20030319 EEYE: XDR Integer Overflow

NETBSD - NetBSD-SA2003-008

BUGTRAQ - 20030331 GLSA: krb5 & mit-krb5 (200303-28)

BUGTRAQ - 20030331 GLSA: dietlibc (200303-29)

BUGTRAQ - 20030319 RE: EEYE: XDR Integer Overflow

MANDRAKE - MDKSA-2003:037


Last Updated: 27 May 2016 10:37:45