CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
http://marc.info/?l=bugtraq&m=104810574423662&w=2
http://marc.info/?l=bugtraq&m=104811415301340&w=2
http://marc.info/?l=bugtraq&m=104860855114117&w=2
http://marc.info/?l=bugtraq&m=104878237121402&w=2
http://marc.info/?l=bugtraq&m=105362148313082&w=2
http://www.cert.org/advisories/CA-2003-10.html	Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-266
http://www.debian.org/security/2003/dsa-272
http://www.debian.org/security/2003/dsa-282
http://www.eeye.com/html/Research/Advisories/AD20030318.html	Exploit Vendor Advisory
http://www.kb.cert.org/vuls/id/516825	US Government Resource
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-089.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
https://security.netapp.com/advisory/ntap-20150122-0002/
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
http://marc.info/?l=bugtraq&m=104810574423662&w=2
http://marc.info/?l=bugtraq&m=104811415301340&w=2
http://marc.info/?l=bugtraq&m=104860855114117&w=2
http://marc.info/?l=bugtraq&m=104878237121402&w=2
http://marc.info/?l=bugtraq&m=105362148313082&w=2
http://www.cert.org/advisories/CA-2003-10.html	Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-266
http://www.debian.org/security/2003/dsa-272
http://www.debian.org/security/2003/dsa-282
http://www.eeye.com/html/Research/Advisories/AD20030318.html	Exploit Vendor Advisory
http://www.kb.cert.org/vuls/id/516825	US Government Resource
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-089.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
https://security.netapp.com/advisory/ntap-20150122-0002/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:glibc:2.1:::::::*
	cpe:2.3:a:gnu:glibc:2.1.1:::::::*
	cpe:2.3:a:gnu:glibc:2.1.2:::::::*
	cpe:2.3:a:gnu:glibc:2.1.3:::::::*
	cpe:2.3:a:gnu:glibc:2.2:::::::*
	cpe:2.3:a:gnu:glibc:2.2.1:::::::*
	cpe:2.3:a:gnu:glibc:2.2.2:::::::*
	cpe:2.3:a:gnu:glibc:2.2.3:::::::*
	cpe:2.3:a:gnu:glibc:2.2.4:::::::*
	cpe:2.3:a:gnu:glibc:2.2.5:::::::*
	cpe:2.3:a:gnu:glibc:2.3:::::::*
	cpe:2.3:a:gnu:glibc:2.3.1:::::::*
	cpe:2.3:a:gnu:glibc:2.3.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.2.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.2.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.2.3:::::::*
	cpe:2.3:a:mit:kerberos_5:1.2.4:::::::*
	cpe:2.3:a:mit:kerberos_5:1.2.5:::::::*
	cpe:2.3:a:mit:kerberos_5:1.2.6:::::::*
	cpe:2.3:a:mit:kerberos_5:1.2.7:::::::*
	cpe:2.3:a:openafs:openafs:1.0:::::::*
	cpe:2.3:a:openafs:openafs:1.0.1:::::::*
	cpe:2.3:a:openafs:openafs:1.0.2:::::::*
	cpe:2.3:a:openafs:openafs:1.0.3:::::::*
	cpe:2.3:a:openafs:openafs:1.0.4:::::::*
	cpe:2.3:a:openafs:openafs:1.0.4a:::::::*
	cpe:2.3:a:openafs:openafs:1.1:::::::*
	cpe:2.3:a:openafs:openafs:1.1.1:::::::*
	cpe:2.3:a:openafs:openafs:1.1.1a:::::::*
	cpe:2.3:a:openafs:openafs:1.2:::::::*
	cpe:2.3:a:openafs:openafs:1.2.1:::::::*
	cpe:2.3:a:openafs:openafs:1.2.2:::::::*
	cpe:2.3:a:openafs:openafs:1.2.2a:::::::*
	cpe:2.3:a:openafs:openafs:1.2.2b:::::::*
	cpe:2.3:a:openafs:openafs:1.2.3:::::::*
	cpe:2.3:a:openafs:openafs:1.2.4:::::::*
	cpe:2.3:a:openafs:openafs:1.2.5:::::::*
	cpe:2.3:a:openafs:openafs:1.2.6:::::::*
	cpe:2.3:a:openafs:openafs:1.3:::::::*
	cpe:2.3:a:openafs:openafs:1.3.1:::::::*
	cpe:2.3:a:openafs:openafs:1.3.2:::::::*
	cpe:2.3:o:sgi:irix:6.5:::::::*
	cpe:2.3:o:sgi:irix:6.5.1:::::::*
	cpe:2.3:o:sgi:irix:6.5.2:::::::*
	cpe:2.3:o:sgi:irix:6.5.2f:::::::*
	cpe:2.3:o:sgi:irix:6.5.2m:::::::*
	cpe:2.3:o:sgi:irix:6.5.3:::::::*
	cpe:2.3:o:sgi:irix:6.5.3f:::::::*
	cpe:2.3:o:sgi:irix:6.5.3m:::::::*
	cpe:2.3:o:sgi:irix:6.5.4:::::::*
	cpe:2.3:o:sgi:irix:6.5.4f:::::::*
	cpe:2.3:o:sgi:irix:6.5.4m:::::::*
	cpe:2.3:o:sgi:irix:6.5.5:::::::*
	cpe:2.3:o:sgi:irix:6.5.5f:::::::*
	cpe:2.3:o:sgi:irix:6.5.5m:::::::*
	cpe:2.3:o:sgi:irix:6.5.6:::::::*
	cpe:2.3:o:sgi:irix:6.5.6f:::::::*
	cpe:2.3:o:sgi:irix:6.5.6m:::::::*
	cpe:2.3:o:sgi:irix:6.5.7:::::::*
	cpe:2.3:o:sgi:irix:6.5.7f:::::::*
	cpe:2.3:o:sgi:irix:6.5.7m:::::::*
	cpe:2.3:o:sgi:irix:6.5.8:::::::*
	cpe:2.3:o:sgi:irix:6.5.8f:::::::*
cpe:2.3:o:sgi:irix:6.5.8m:::::::*
cpe:2.3:o:sgi:irix:6.5.9:::::::*
cpe:2.3:o:sgi:irix:6.5.9f:::::::*
cpe:2.3:o:sgi:irix:6.5.9m:::::::*
cpe:2.3:o:sgi:irix:6.5.10:::::::*
cpe:2.3:o:sgi:irix:6.5.10f:::::::*
cpe:2.3:o:sgi:irix:6.5.10m:::::::*
cpe:2.3:o:sgi:irix:6.5.11:::::::*
cpe:2.3:o:sgi:irix:6.5.11f:::::::*
cpe:2.3:o:sgi:irix:6.5.11m:::::::*
cpe:2.3:o:sgi:irix:6.5.12:::::::*
cpe:2.3:o:sgi:irix:6.5.12f:::::::*
cpe:2.3:o:sgi:irix:6.5.12m:::::::*
cpe:2.3:o:sgi:irix:6.5.13:::::::*
cpe:2.3:o:sgi:irix:6.5.13f:::::::*
cpe:2.3:o:sgi:irix:6.5.13m:::::::*
cpe:2.3:o:sgi:irix:6.5.14:::::::*
cpe:2.3:o:sgi:irix:6.5.14f:::::::*
cpe:2.3:o:sgi:irix:6.5.14m:::::::*
cpe:2.3:o:sgi:irix:6.5.15:::::::*
cpe:2.3:o:sgi:irix:6.5.15f:::::::*
cpe:2.3:o:sgi:irix:6.5.15m:::::::*
cpe:2.3:o:sgi:irix:6.5.16:::::::*
cpe:2.3:o:sgi:irix:6.5.16f:::::::*
cpe:2.3:o:sgi:irix:6.5.16m:::::::*
cpe:2.3:o:sgi:irix:6.5.17:::::::*
cpe:2.3:o:sgi:irix:6.5.17f:::::::*
cpe:2.3:o:sgi:irix:6.5.17m:::::::*
cpe:2.3:o:sgi:irix:6.5.18:::::::*
cpe:2.3:o:sgi:irix:6.5.18f:::::::*
cpe:2.3:o:sgi:irix:6.5.18m:::::::*
cpe:2.3:o:sgi:irix:6.5.19:::::::*
cpe:2.3:o:sgi:irix:6.5.20:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:cray:unicos:6.0:::::::*
	cpe:2.3:o:cray:unicos:6.0e:::::::*
	cpe:2.3:o:cray:unicos:6.1:::::::*
	cpe:2.3:o:cray:unicos:7.0:::::::*
	cpe:2.3:o:cray:unicos:8.0:::::::*
	cpe:2.3:o:cray:unicos:8.3:::::::*
	cpe:2.3:o:cray:unicos:9.0:::::::*
	cpe:2.3:o:cray:unicos:9.0.2.5:::::::*
	cpe:2.3:o:cray:unicos:9.2:::::::*
	cpe:2.3:o:cray:unicos:9.2.4:::::::*
	cpe:2.3:o:freebsd:freebsd:4.0:::::::*
	cpe:2.3:o:freebsd:freebsd:4.1:::::::*
	cpe:2.3:o:freebsd:freebsd:4.1.1:::::::*
	cpe:2.3:o:freebsd:freebsd:4.1.1:release::::::
	cpe:2.3:o:freebsd:freebsd:4.1.1:stable::::::
	cpe:2.3:o:freebsd:freebsd:4.2:::::::*
	cpe:2.3:o:freebsd:freebsd:4.2:stable::::::
	cpe:2.3:o:freebsd:freebsd:4.3:::::::*
	cpe:2.3:o:freebsd:freebsd:4.3:release::::::
	cpe:2.3:o:freebsd:freebsd:4.3:stable::::::
	cpe:2.3:o:freebsd:freebsd:4.4:::::::*
	cpe:2.3:o:freebsd:freebsd:4.4:stable::::::
	cpe:2.3:o:freebsd:freebsd:4.5:::::::*
	cpe:2.3:o:freebsd:freebsd:4.5:release::::::
	cpe:2.3:o:freebsd:freebsd:4.5:stable::::::
	cpe:2.3:o:freebsd:freebsd:4.6:::::::*
	cpe:2.3:o:freebsd:freebsd:4.6:release::::::
	cpe:2.3:o:freebsd:freebsd:4.6:stable::::::
	cpe:2.3:o:freebsd:freebsd:4.6.2:::::::*
	cpe:2.3:o:freebsd:freebsd:4.7:::::::*
	cpe:2.3:o:freebsd:freebsd:4.7:release::::::
	cpe:2.3:o:freebsd:freebsd:4.7:stable::::::
	cpe:2.3:o:freebsd:freebsd:5.0:::::::*
	cpe:2.3:o:hp:hp-ux:10.20:::::::*
	cpe:2.3:o:hp:hp-ux:10.24:::::::*
	cpe:2.3:o:hp:hp-ux:11.00:::::::*
	cpe:2.3:o:hp:hp-ux:11.04:::::::*
	cpe:2.3:o:hp:hp-ux:11.11:::::::*
	cpe:2.3:o:hp:hp-ux:11.20:::::::*
	cpe:2.3:o:hp:hp-ux:11.22:::::::*
	cpe:2.3:o:hp:hp-ux_series_700:10.20:::::::*
	cpe:2.3:o:hp:hp-ux_series_800:10.20:::::::*
	cpe:2.3:o:ibm:aix:4.3.3:::::::*
	cpe:2.3:o:ibm:aix:5.1:::::::*
	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:openbsd:openbsd:2.0:::::::*
	cpe:2.3:o:openbsd:openbsd:2.1:::::::*
	cpe:2.3:o:openbsd:openbsd:2.2:::::::*
	cpe:2.3:o:openbsd:openbsd:2.3:::::::*
	cpe:2.3:o:openbsd:openbsd:2.4:::::::*
	cpe:2.3:o:openbsd:openbsd:2.5:::::::*
	cpe:2.3:o:openbsd:openbsd:2.6:::::::*
	cpe:2.3:o:openbsd:openbsd:2.7:::::::*
	cpe:2.3:o:openbsd:openbsd:2.8:::::::*
	cpe:2.3:o:openbsd:openbsd:2.9:::::::*
	cpe:2.3:o:openbsd:openbsd:3.0:::::::*
	cpe:2.3:o:openbsd:openbsd:3.1:::::::*
	cpe:2.3:o:openbsd:openbsd:3.2:::::::*
	cpe:2.3:o:sun:solaris:2.5.1::x86:::::
	cpe:2.3:o:sun:solaris:2.6:::::::*
	cpe:2.3:o:sun:solaris:7.0::x86:::::
	cpe:2.3:o:sun:solaris:8.0::x86:::::
	cpe:2.3:o:sun:solaris:9.0::sparc:::::
	cpe:2.3:o:sun:solaris:9.0::x86:::::
cpe:2.3:o:sun:sunos:-:::::::*
cpe:2.3:o:sun:sunos:5.5.1:::::::*
cpe:2.3:o:sun:sunos:5.7:::::::*
cpe:2.3:o:sun:sunos:5.8:::::::*

History

20 Nov 2024, 23:43

Information

Published : 2003-03-25 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2003-0028

Mitre link : CVE-2003-0028

CVE.ORG link : CVE-2003-0028

JSON object : View

Products Affected

hp-ux_series_700
hp-ux_series_800
hp-ux

ibm

sun

sunos
solaris

openbsd

openbsd

openafs

openafs

sgi

irix

freebsd

freebsd

cray

unicos

gnu

glibc

mit

kerberos_5

CWE

NVD-CWE-Other

7.5 /10