CVE - CVE-2003-0028

CVE-ID
CVE-2003-0028	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20030319 EEYE: XDR Integer Overflow URL:http://marc.info/?l=bugtraq&m=104810574423662&w=2 BUGTRAQ:20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes URL:http://marc.info/?l=bugtraq&m=104811415301340&w=2 BUGTRAQ:20030319 RE: EEYE: XDR Integer Overflow URL:http://www.securityfocus.com/archive/1/315638/30/25430/threaded BUGTRAQ:20030325 GLSA: glibc (200303-22) URL:http://marc.info/?l=bugtraq&m=104860855114117&w=2 BUGTRAQ:20030331 GLSA: dietlibc (200303-29) URL:http://www.securityfocus.com/archive/1/316931/30/25250/threaded BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28) URL:http://www.securityfocus.com/archive/1/316960/30/25250/threaded BUGTRAQ:20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03) URL:http://marc.info/?l=bugtraq&m=105362148313082&w=2 CALDERA:CSSA-2003-013.0 CERT:CA-2003-10 URL:http://www.cert.org/advisories/CA-2003-10.html CERT-VN:VU#516825 URL:http://www.kb.cert.org/vuls/id/516825 CONFIRM:https://security.netapp.com/advisory/ntap-20150122-0002/ DEBIAN:DSA-266 URL:http://www.debian.org/security/2003/dsa-266 DEBIAN:DSA-272 URL:http://www.debian.org/security/2003/dsa-272 DEBIAN:DSA-282 URL:http://www.debian.org/security/2003/dsa-282 EEYE:AD20030318 URL:http://www.eeye.com/html/Research/Advisories/AD20030318.html ENGARDE:ESA-20030321-010 URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html FREEBSD:FreeBSD-SA-03:05 MANDRAKE:MDKSA-2003:037 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:037 NETBSD:NetBSD-SA2003-008 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc OVAL:oval:org.mitre.oval:def:230 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230 REDHAT:RHSA-2003:051 URL:http://www.redhat.com/support/errata/RHSA-2003-051.html REDHAT:RHSA-2003:052 URL:http://www.redhat.com/support/errata/RHSA-2003-052.html REDHAT:RHSA-2003:089 URL:http://www.redhat.com/support/errata/RHSA-2003-089.html REDHAT:RHSA-2003:091 URL:http://www.redhat.com/support/errata/RHSA-2003-091.html SUSE:SuSE-SA:2003:027 URL:http://www.novell.com/linux/security/advisories/2003_027_glibc.html TRUSTIX:2003-0014 URL:http://marc.info/?l=bugtraq&m=104878237121402&w=2 VULNWATCH:20030319 EEYE: XDR Integer Overflow URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
Assigning CNA
MITRE Corporation
Date Record Created
20030110	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20030110)
Votes (Legacy)
NOOP(1) Christey
Comments (Legacy)
Christey> MANDRAKE:MDKSA-2003:043 (as suggested by Vincent Danen of Mandrake)
Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)