|
|
|||
| Rule General Information |
|---|
| Release Date: | 2010-09-23 | |
| Rule Name: | GPL RPC portmap proxy integer overflow attempt TCP Vulnerability (CVE-2003-0028) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | |
| Impact: | An attacker can exploit the affected software with a integer overflow vulnerability. Successful exploit leads to execute arbitrary code, and failed exploit may disturb the software logic and cause denial of service. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html http://marc.info/?l=bugtraq&m=104810574423662&w=2 http://marc.info/?l=bugtraq&m=104811415301340&w=2 |
|
| Solutions |
|---|
| Applying a patch is able to eliminate this problem: FreeBSD-SA-03:05:remote denial-of-service in XDR encoder/decoder |