
glibc: integer overflow in the xdrmem_getbytes() function

Package(s): glibc krb5 dietlibc
CVE #(s): CAN-2003-0028
Created: March 21, 2003
Updated: May 27, 2003
Description: An integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, and glibc, allows remote attackers to execute arbitrary code via certain integer values in length fields. See CAN-2003-0028 and CERT advisory CA-2003-10 for more information.
Alerts:
SuSE SuSE-SA:2003:027 glibc 2003-05-26
Slackware ssa:2003-141-03 glibc 2003-05-22
Conectiva CLA-2003:639 krb5 2003-05-05
Conectiva CLA-2003:633 glibc 2003-04-30
Immunix IMNX-2003-7+-009-01 glibc 2003-04-14
Debian DSA-282-1 glibc 2003-04-09
Gentoo 200303-29 dietlibc 2003-03-31
Debian DSA-272-1 dietlibc 2003-03-28
Trustix 2003-0014 glibc 2003-03-26
Mandrake MDKSA-2003:037 glibc 2003-03-25
Gentoo 200303-22 glibc 2003-03-25
Debian DSA-266-1 krb5 2003-03-17
Red Hat RHSA-2003:089-00 glibc 2003-03-19
Sorcerer SORCERER2003-03-20-2 glibc 2003-03-20
Sorcerer SORCERER2003-03-20-1 krb5 2003-03-20
EnGarde ESA-20030321-010 glibc 2003-03-21
SCO Group CSSA-2003-013.0 XDR/RPC 2003-03-19
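The defect class behind this entry is a length check that subtracts first and tests the sign afterwards: when the remaining-byte counter is a signed int and the caller-supplied length is unsigned, the subtraction wraps and an oversized length can pass as "still in bounds". The following C is an added illustration, not glibc's or SunRPC's xdrmem_getbytes() source; the struct xdr_cursor type, the length_check_* helpers and the sample 8-byte message are all constructed here. It places the wrap-prone check beside the form a decoder should use (compare before subtracting, with an unsigned counter) and shows a bounded getbytes built on the safe check.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder state: a read cursor over a fixed-size message.
 * Not glibc's XDR struct; constructed for this illustration. */
struct xdr_cursor {
    const unsigned char *cur;   /* next unread byte */
    unsigned int remaining;     /* bytes left; unsigned so it cannot go "negative" */
};

/* Wrap-prone pattern: "(remaining -= len) < 0".  The signed counter is
 * converted to unsigned for the subtraction, the result wraps modulo 2^32,
 * and is then read back as a signed value.  A huge len can therefore leave a
 * small positive remainder and be accepted.  Returns 1 if the length passes. */
int length_check_flawed(int remaining, unsigned int len)
{
    unsigned int r = (unsigned int)remaining - len;   /* wraps for len > remaining */
    return (int)r >= 0;                               /* sign test happens too late */
}

/* Corrected pattern: compare before subtracting.  With both operands
 * unsigned there is no conversion and no wrap; any len larger than what is
 * left is rejected.  Returns 1 if the length passes. */
int length_check_safe(unsigned int remaining, unsigned int len)
{
    return len <= remaining;
}

void xdr_cursor_init(struct xdr_cursor *x, const unsigned char *buf, unsigned int n)
{
    x->cur = buf;
    x->remaining = n;
}

/* Copy len bytes from the cursor into dst, or refuse without touching dst
 * or the cursor.  Returns 1 on success, 0 if len exceeds the bytes left. */
int xdr_getbytes_safe(struct xdr_cursor *x, unsigned char *dst, unsigned int len)
{
    if (!length_check_safe(x->remaining, len))
        return 0;
    memcpy(dst, x->cur, len);
    x->cur += len;
    x->remaining -= len;      /* safe: len <= remaining was established above */
    return 1;
}

int main(void)
{
    /* Constructed 8-byte message: two 4-byte fields. */
    static const unsigned char msg[8] = { 0, 0, 0, 5, 'a', 'b', 'c', 'd' };
    unsigned char out[8];
    struct xdr_cursor x;
    const unsigned int huge = 0xFFFFFFF0u;   /* attacker-style length field */

    printf("flawed check, 100 left, len=0x%08x: %s\n", huge,
           length_check_flawed(100, huge) ? "ACCEPTED (bug)" : "rejected");
    printf("safe   check, 100 left, len=0x%08x: %s\n", huge,
           length_check_safe(100, huge) ? "accepted" : "rejected");

    xdr_cursor_init(&x, msg, sizeof msg);
    printf("read 4 bytes: %d (remaining %u)\n", xdr_getbytes_safe(&x, out, 4), x.remaining);
    printf("read huge:    %d (remaining %u)\n", xdr_getbytes_safe(&x, out, huge), x.remaining);
    printf("read 5 bytes: %d (remaining %u)\n", xdr_getbytes_safe(&x, out, 5), x.remaining);
    printf("read 4 bytes: %d (remaining %u)\n", xdr_getbytes_safe(&x, out, 4), x.remaining);
    return 0;
}
```

With 100 bytes left and a length of 0xFFFFFFF0, the flawed check computes 100 - 0xFFFFFFF0 mod 2^32 = 116, sees a positive value and accepts; the safe check rejects the same input because it never performs the subtraction. The same "compare, then subtract" discipline applies to any decoder that tracks a remaining-byte budget, not only XDR.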


Debian alert incorrect

Posted Mar 27, 2003 17:10 UTC (Thu) by k-squire (guest, #5595)

The Debian alert posted here refers to the krb5 kerberos package, not glibc. AFAIK, Debian has not yet posted a glibc update.

Kevin

Debian alert incorrect

Posted Mar 27, 2003 17:34 UTC (Thu) by ris (subscriber, #5)

It is true that Debian's alert is for krb5, but it's addressing the same problems in the SUNRPC library.

Redhat's "fix" breaks other packages...

Posted Apr 10, 2003 17:09 UTC (Thu) by ronaldcole (guest, #1462)

See Bugzilla bug #87480 to see if you really want to apply Redhat's fix... I'm surprised that they haven't pushed out an errata for this "fix" yet!

<http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=87480>

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds