httpd-users mailing list archives

From <supp...@mayl.net>
Subject CERT Advisory CA-2002-25 Integer Overflow In XDR Library
Date Tue, 06 Aug 2002 05:05:36 GMT
CERT Advisory CA-2002-25 Integer Overflow In XDR Library

   Original release date: August 05, 2002
   Last revised: --
   Source: CERT/CC

   A complete revision history can be found at the end of this file.

Systems Affected

   Applications using vulnerable implementations of SunRPC-derived XDR
   libraries, which include, but are not limited to:

     * Sun Microsystems network services library (libnsl)
     * BSD-derived libraries with XDR/RPC routines (libc)
     * GNU C library with sunrpc (glibc)

Overview

   There is an integer overflow present in the xdr_array() function
   distributed as part of the Sun Microsystems XDR library. This overflow
   has been shown to lead to remotely exploitable buffer overflows in
   multiple applications, leading to the execution of arbitrary code.
   Although the library was originally distributed by Sun Microsystems,
   multiple vendors have included the vulnerable code in their own
   implementations.

