CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
References
Link Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
http://marc.info/?l=bugtraq&m=104810574423662&w=2
http://marc.info/?l=bugtraq&m=104811415301340&w=2
http://marc.info/?l=bugtraq&m=104860855114117&w=2
http://marc.info/?l=bugtraq&m=104878237121402&w=2
http://marc.info/?l=bugtraq&m=105362148313082&w=2
http://www.cert.org/advisories/CA-2003-10.html Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-266
http://www.debian.org/security/2003/dsa-272
http://www.debian.org/security/2003/dsa-282
http://www.eeye.com/html/Research/Advisories/AD20030318.html Exploit Vendor Advisory
http://www.kb.cert.org/vuls/id/516825 US Government Resource
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-089.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
https://security.netapp.com/advisory/ntap-20150122-0002/
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
http://marc.info/?l=bugtraq&m=104810574423662&w=2
http://marc.info/?l=bugtraq&m=104811415301340&w=2
http://marc.info/?l=bugtraq&m=104860855114117&w=2
http://marc.info/?l=bugtraq&m=104878237121402&w=2
http://marc.info/?l=bugtraq&m=105362148313082&w=2
http://www.cert.org/advisories/CA-2003-10.html Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-266
http://www.debian.org/security/2003/dsa-272
http://www.debian.org/security/2003/dsa-282
http://www.eeye.com/html/Research/Advisories/AD20030318.html Exploit Vendor Advisory
http://www.kb.cert.org/vuls/id/516825 US Government Resource
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-089.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
https://security.netapp.com/advisory/ntap-20150122-0002/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:cray:unicos:6.0:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:6.0e:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:6.1:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:7.0:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:8.0:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:8.3:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:9.0:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:9.0.2.5:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:9.2:*:*:*:*:*:*:*
cpe:2.3:o:cray:unicos:9.2.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2003-03-25 05:00

Updated : 2025-04-03 01:03


NVD link : CVE-2003-0028

Mitre link : CVE-2003-0028

CVE.ORG link : CVE-2003-0028


JSON object : View

Products Affected

sgi

  • irix

ibm

  • aix

sun

  • sunos
  • solaris

hp

  • hp-ux_series_800
  • hp-ux
  • hp-ux_series_700

openafs

  • openafs

mit

  • kerberos_5

openbsd

  • openbsd

freebsd

  • freebsd

cray

  • unicos

gnu

  • glibc