Vulnerability CVE-2003-0028

Vulnerability CVE-2003-0028

Published: 2003-03-25 Modified: 2012-02-12

Description:

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
SUN -> Solaris
SUN -> Sunos
SGI -> IRIX
Openbsd -> Openbsd
Openafs -> Openafs
MIT -> Kerberos
IBM -> AIX
HP -> Hp-ux
HP -> Hp-ux series 700
HP -> Hp-ux series 800
GNU -> Glibc
Freebsd -> Freebsd
CRAY -> Unicos

References:

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html

http://marc.info/?l=bugtraq&m=104810574423662&w=2

http://marc.info/?l=bugtraq&m=104811415301340&w=2

http://marc.info/?l=bugtraq&m=104860855114117&w=2

http://marc.info/?l=bugtraq&m=104878237121402&w=2

http://marc.info/?l=bugtraq&m=105362148313082&w=2

http://www.cert.org/advisories/CA-2003-10.html

http://www.debian.org/security/2003/dsa-266

http://www.debian.org/security/2003/dsa-272

http://www.debian.org/security/2003/dsa-282

http://www.eeye.com/html/Research/Advisories/AD20030318.html

http://www.kb.cert.org/vuls/id/516825

http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html

http://www.mandriva.com/security/advisories?name=MDKSA-2003:037

http://www.novell.com/linux/security/advisories/2003_027_glibc.html

http://www.redhat.com/support/errata/RHSA-2003-051.html

http://www.redhat.com/support/errata/RHSA-2003-052.html

http://www.redhat.com/support/errata/RHSA-2003-089.html

http://www.redhat.com/support/errata/RHSA-2003-091.html

http://www.securityfocus.com/archive/1/315638/30/25430/threaded

http://www.securityfocus.com/archive/1/316931/30/25250/threaded

http://www.securityfocus.com/archive/1/316960/30/25250/threaded

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230

https://security.netapp.com/advisory/ntap-20150122-0002/

Vulnerability CVE-2003-0028

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Remote

Low

No required

Partial

Partial

Partial

Affected software

References: