Category:   Application (Generic)  >   Glibc Vendors:   Debian
(Debian Issues Fix for Glibc) Re: RPC Buffer Overflow in 'xdr_array' Filter Lets Remote Users Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1005036
SecurityTracker URL:
CVE Reference:   CAN-2002-0391   (Links to External Site)
Date:  Aug 13 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   An integer overflow that leads to a heap buffer overflow was reported in the SunRPC-derived RPC library shipped with Sun Solaris, GNU libc and potentially other operating systems. A remote user can execute arbitrary code on the system with root privileges.

Internet Security Systems (ISS) X-Force reported the flaw in the xdr_array filter primitive. The External Data Representation (XDR) filter primitive encodes and decodes variable-length arrays; on the decode side it allocates the destination buffer from an element count taken from the network.

A remote user can reportedly send the RPC daemon (or any other process that decodes untrusted data with the RPC library) an array whose element count, multiplied by the element size, wraps around the 32-bit size computation. xdr_array then allocates a buffer far smaller than the data it proceeds to decode into it, overflowing the heap and allowing arbitrary code execution with the privileges of the affected process, which for RPC daemons is typically root.
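The size computation described above, as an added example that is not code from glibc, SunRPC or the advisory: the unchecked form (count checked only against the caller's maxsize, which RPC callers commonly set to ~0) beside a checked form that also refuses any count whose byte size cannot be represented. The function names, the `c > UINT_MAX / elsize` shape of the check and the two XDR byte streams are our own constructions, modelled on the general fix pattern rather than copied from the patch.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Added example, not glibc or SunRPC code: the integer-overflow pattern behind
 * the xdr_array bug and the check that closes it.  Names and sample bytes are
 * our own constructions.
 */

/* Read one XDR unsigned int (4 bytes, big-endian) at *off; advance on success. */
static int get_u32(const unsigned char *buf, size_t len, size_t *off, unsigned int *out)
{
    if (*off > len || len - *off < 4)
        return 0;
    *out = ((unsigned int)buf[*off] << 24) | ((unsigned int)buf[*off + 1] << 16)
         | ((unsigned int)buf[*off + 2] << 8) | (unsigned int)buf[*off + 3];
    *off += 4;
    return 1;
}

/*
 * Vulnerable pattern: the element count c from the wire is checked only
 * against the caller's maxsize.  With maxsize = ~0 the check passes and
 * c * elsize wraps modulo 2^32, yielding a tiny allocation that the
 * element-decoding loop then overruns.
 */
int xdr_array_size_unchecked(unsigned int c, unsigned int maxsize,
                             unsigned int elsize, unsigned int *nodesize)
{
    if (c > maxsize)
        return 0;
    *nodesize = c * elsize;            /* wraps: 0x40000001 * 4 == 4 */
    return 1;
}

/* Fixed pattern: also refuse any c whose byte size cannot fit in u_int. */
int xdr_array_size_checked(unsigned int c, unsigned int maxsize,
                           unsigned int elsize, unsigned int *nodesize)
{
    if (elsize == 0 || c > maxsize || c > UINT_MAX / elsize)
        return 0;
    *nodesize = c * elsize;            /* cannot wrap after the check */
    return 1;
}

/* Bytes the element loop would actually write for count c (no wraparound). */
unsigned long long true_bytes(unsigned int c, unsigned int elsize)
{
    return (unsigned long long)c * elsize;
}

/*
 * Decode a variable-length XDR array of u32 (count, then elements) into a
 * malloc'd buffer sized with the checked computation.  Returns the element
 * count, or -1 if the message is malformed or the count is unsafe.
 */
long decode_u32_array(const unsigned char *buf, size_t len, unsigned int **out)
{
    size_t off = 0;
    unsigned int c, nodesize, i;
    unsigned int *arr;

    if (!get_u32(buf, len, &off, &c))
        return -1;
    if (!xdr_array_size_checked(c, UINT_MAX, sizeof(unsigned int), &nodesize))
        return -1;                     /* rejects counts that would wrap */
    if ((size_t)nodesize > len - off)
        return -1;                     /* fewer bytes on the wire than claimed */
    arr = malloc(nodesize ? nodesize : 1);
    if (!arr)
        return -1;
    for (i = 0; i < c; i++) {
        if (!get_u32(buf, len, &off, &arr[i])) {
            free(arr);
            return -1;
        }
    }
    *out = arr;
    return (long)c;
}

int main(void)
{
    /* Constructed XDR stream: count 0x40000001 followed by one element. */
    static const unsigned char hostile[] = { 0x40, 0, 0, 1, 0, 0, 0, 0 };
    /* Constructed XDR stream: count 3, elements 1, 2, 3. */
    static const unsigned char benign[] = { 0,0,0,3, 0,0,0,1, 0,0,0,2, 0,0,0,3 };
    unsigned int n = 0, *arr = NULL;
    long count;

    xdr_array_size_unchecked(0x40000001u, UINT_MAX, 4, &n);
    printf("unchecked: allocates %u bytes, loop writes %llu bytes\n",
           n, true_bytes(0x40000001u, 4));
    printf("checked: %s\n",
           xdr_array_size_checked(0x40000001u, UINT_MAX, 4, &n) ? "accepted" : "rejected");
    count = decode_u32_array(hostile, sizeof hostile, &arr);
    printf("hostile stream: %ld\n", count);
    count = decode_u32_array(benign, sizeof benign, &arr);
    printf("benign stream: %ld elements, last = %u\n", count, arr ? arr[count - 1] : 0);
    free(arr);
    return 0;
}
```

The length check against the remaining wire bytes in decode_u32_array is a second line of defence for a buffered message; in the real library the elements are pulled from a stream, so the multiplication check is the one that matters, because a tiny allocation followed by 0x40000001 element writes is the whole bug.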

Impact:   A remote user can execute arbitrary code with the privileges of the process that decodes the malicious RPC data; for RPC daemons that is normally root, giving root access on the system.
Solution:   Debian has released a fix for glibc, which is affected by the RPC bug. This has been fixed in version 2.1.3-23 for the old stable distribution (potato), in version 2.2.5-11.1 for the current stable distribution (woody) and in version 2.2.5-13 for the unstable distribution (sid).

For the patches for Debian GNU/Linux 2.2 alias potato and Debian GNU/Linux 3.0 alias woody, see the Source Message.

Vendor URL: (Links to External Site)
Cause:   Boundary error (integer overflow in the array size computation)
Underlying OS:  Linux (Debian)
Underlying OS Comments:  2.2, 3.0

Message History:   This archive entry is a follow-up to the message listed below.
Jul 31 2002 RPC Buffer Overflow in 'xdr_array' Filter Lets Remote Users Execute Arbitrary Code with Root Privileges

 Source Message Contents

Date:  Tue, 13 Aug 2002 10:21:57 +0200 (CEST)
Subject:  [linsec] [SECURITY] [DSA 149-1] New glibc packages fix security related problems


- --------------------------------------------------------------------------
Debian Security Advisory DSA 149-1                                        Martin Schulze
August 13th, 2002   
- --------------------------------------------------------------------------

Package        : glibc
Vulnerability  : integer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2002-0391
CERT advisory  : VU#192995

An integer overflow bug has been discovered in the RPC library used by
GNU libc, which is derived from the SunRPC library.  This bug could be
exploited to gain unauthorized root access to software linking to this
code.  The packages below also fix integer overflows in the malloc
code.  They also contain a fix from Andreas Schwab to reduce
linebuflen in parallel to bumping up the buffer pointer in the NSS DNS

This problem has been fixed in version 2.1.3-23 for the old stable
distribution (potato), in version 2.2.5-11.1 for the current stable
distribution (woody) and in version 2.2.5-13 for the unstable
distribution (sid).

We recommend that you upgrade your libc6 packages immediately.

wget url
	will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:
      Size/MD5 checksum:     1104 fab9931ceace447e7d513cec2c7d91fb
      Size/MD5 checksum:   148155 b00400b6be34c4c5c1c7e8e3a7cdb06c
      Size/MD5 checksum:  6598238 aea1bb5c28f793013153d1b8f91eb746

  Architecture independent components:
      Size/MD5 checksum:  2189346 180b97ad493c41c29175b1cc916449e2
      Size/MD5 checksum:  1062194 ba1b1f29bb8ac0eb33ed87e4c046439c

  Alpha architecture:
      Size/MD5 checksum:  7199774 bcc40663c3bf214ac80807f692f502e5
      Size/MD5 checksum:  2111888 cf666e30b1cef0a678bb3c13bf35d938
      Size/MD5 checksum:  3046458 62800f3e4fc5f60a2281933ab088da69
      Size/MD5 checksum:  1115228 884ae735de6ac470674295c414210d01
      Size/MD5 checksum:  1695960 9108a033696b9e173e95df4aa85edbcb
      Size/MD5 checksum:   208508 c3e9b47ee06985a658d5f688a4631554
      Size/MD5 checksum:  2283736 62e4db154a76adc5573d4007729a5a8a
      Size/MD5 checksum:   108624 9df539fccf8eb9549d543e3dea60dd7f

  ARM architecture:
      Size/MD5 checksum:  2023440 073e6f63d7b903494eaf1262362292bf
      Size/MD5 checksum:  2334748 7c1c717179ca03c7ff002dd34e487b55
      Size/MD5 checksum:  2366020 66bc6ac73988db445abcf9ff5d177081
      Size/MD5 checksum:   751768 fe821267709cf3d6bee83da37a36f240
      Size/MD5 checksum:  1067544 0f489c9e65a37756ac25132795a1f821
      Size/MD5 checksum:  2284536 059b2ea5d1210e5770a9e0dc47aed57a
      Size/MD5 checksum:    36780 7b8e88375ffb58bd40fa9111d0a5c564

  Intel IA-32 architecture:
      Size/MD5 checksum:  1901000 894439e9f3d544dc52372fbef522e836
      Size/MD5 checksum:  2442224 c3c057e7d45ba6edce0030e055b10f8f
      Size/MD5 checksum:  2169778 45a617aef82db01660bb510974df387c
      Size/MD5 checksum:   671066 7f297cbe84c43d4a3b7dec5a70b0f593
      Size/MD5 checksum:   935076 fb8b3c44eb7bdf9d61403a34b2a14f93
      Size/MD5 checksum:    38566 4dfd40d9097842e662588165cc65acff
      Size/MD5 checksum:  2284376 e041080ef4089cd5db7affa9dd8244de
      Size/MD5 checksum:    36000 45aa1f42a52db67528c7359c791c1d7d

  Motorola 680x0 architecture:
      Size/MD5 checksum:  1884908 9eb87d46499750746c258d8f081eb2e0
      Size/MD5 checksum:  2446618 9eea7fd8488e943da7b538f61d338ac7
      Size/MD5 checksum:  2097566 917e0570cea6f65f8095b3e15626214b
      Size/MD5 checksum:   575612 e00fd91666d6cda92357d29d2f93ffe1
      Size/MD5 checksum:   844118 c17108ce47cca5f871fec13bb5ba13d5
      Size/MD5 checksum:    36836 f7d3c32050d84caf22f6c5bdedc25520
      Size/MD5 checksum:  2284384 7f8ccb2cfecabc671f5ef658c8e773a6
      Size/MD5 checksum:    34954 2e1c2abfe0a563cee3ab6a7e67aadce8

  PowerPC architecture:
      Size/MD5 checksum:  2101478 ef81eebd639c73cef1b6d910913058d4
      Size/MD5 checksum:  2517200 0e170bd0a01d01e6c44a6fe85e3056a6
      Size/MD5 checksum:  2380042 82af0513632431f82ffec6912c782d18
      Size/MD5 checksum:   743014 be4973cecf36b2dc8e33ffa0573913af
      Size/MD5 checksum:  1132472 f11cb90405083361a3addeb735724815
      Size/MD5 checksum:  2283704 776af7d11c1e3a0b41ac7322abf81246
      Size/MD5 checksum:    37452 9a00c606d8a3f5ec16d253765355bbdc

  Sun Sparc architecture:
      Size/MD5 checksum:  2076470 9c89607e5d402f52f3578580a8bb4c0a
      Size/MD5 checksum:  2495688 17d6d081161f2d756bb974316190b6ce
      Size/MD5 checksum:  2355028 727a6a0542c43d86177c79a51d560c25
      Size/MD5 checksum:   745696 c6e2b1afe850f55ebc1600ad18ebcaf2
      Size/MD5 checksum:  1055728 10634306a00615a663fdead44cc8f8b8
      Size/MD5 checksum:  2283704 c07c6afac2b862d94ccbe9ed8b87ad39
      Size/MD5 checksum:    36740 3c0720f9dbd0215c00decd1c2370934c

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1246 79869668189c33771fdc17a48cb2ba5d
      Size/MD5 checksum:   396579 018ba95238c0fedde2e360fdcd757e17
      Size/MD5 checksum: 11370961 bf5653fdff22ee350bd7d48047cffab9

  Architecture independent components:
      Size/MD5 checksum:  2698580 9181224e951dd9c3464973173065c518
      Size/MD5 checksum:  3390398 f8d520a37520621488cb96d4bb3752e5

  Alpha architecture:
      Size/MD5 checksum:  4557192 ad951f4d913d4e3bd331e8fc408488e6
      Size/MD5 checksum:  1350384 2ba78e7c6df9d7d0e18ed1ab9b39bb60
      Size/MD5 checksum:  2980682 a43da2552972e33cfbccb9e72e861ef8
      Size/MD5 checksum:  1321090 e2fbca67cc8b64e2581b2ef662835189
      Size/MD5 checksum:  1538396 7b26f630aed6c7ba6075716ba9c51c0e
      Size/MD5 checksum:    69274 71567a01655c36dae53e6458866cfc66

  ARM architecture:
      Size/MD5 checksum:  3685496 6cb722cbc27d5de0d3df2e42aadefa01
      Size/MD5 checksum:  2766464 e0dc7a1816a9d5224a08651c8c52d33e
      Size/MD5 checksum:  2862852 e617636521b972c556c907e6831c3b14
      Size/MD5 checksum:  1181714 978de3e73221b438429660d32d5faad3
      Size/MD5 checksum:  1282154 054bfd6dbb1789c96364417795ebe777
      Size/MD5 checksum:    59032 987f67056bd666c3815e78a9a659fdaa

  Intel IA-32 architecture:
      Size/MD5 checksum:  3382744 d3ba49265e9fde0970f708fea7ddae2d
      Size/MD5 checksum:  2433044 cbb2fa15021ae82d9353d1d88a96ba7a
      Size/MD5 checksum:  2390292 8630f1a02caf20876e82840a838241cb
      Size/MD5 checksum:   841280 cfa7b6681591aab3266f1ca7ac35939d
      Size/MD5 checksum:   935494 e725fac4935fd8aa780c3887b014fa7b
      Size/MD5 checksum:    58758 4dfeec37cf7d17ba7b97cdc0ae212de8

  Intel IA-64 architecture:
      Size/MD5 checksum:  4438820 9cb2d858cd43643f96fef63d6b6b4af6
      Size/MD5 checksum:  8368982 418cc7e7910b0c263e92d3d06542281c
      Size/MD5 checksum:  3557310 fbd4d8af758d51eaa6c2bbdfccd7c496
      Size/MD5 checksum:  1365864 3dacb81411f9ce5ddb87f2ca91705634
      Size/MD5 checksum:  1637738 cb46289104d694407fff032e6e3a8678
      Size/MD5 checksum:    69372 8efa69ab5be9fe478931a074d5bc11e2

  HP Precision architecture:
      Size/MD5 checksum:  4170456 2ce8d62384d0b2d7057ed4eb74287f1e
      Size/MD5 checksum:  3059890 68e017540ce0fb32873b6df284529bd7
      Size/MD5 checksum:  2896794 f0b9bd279a9493785d4b28328fec2a70
      Size/MD5 checksum:  1280038 23ac064e84645473f49bf6fc9d385875
      Size/MD5 checksum:  1445194 22a590dd3755bdf74de17b310fe906d2
      Size/MD5 checksum:    62174 c86a749100a105b875822b2711ec088f

  Motorola 680x0 architecture:
      Size/MD5 checksum:  3505360 57c817ed4f56c5a4257c46a112f3aaac
      Size/MD5 checksum:  2430120 db2050aeef18c9f256034a872053a8a4
      Size/MD5 checksum:  2283726 d2c1a60e81e43a196344dd01d4ebb65d
      Size/MD5 checksum:   730762 4e7a16b50a46df933d9b4bf7fc7050b2
      Size/MD5 checksum:   838730 b6248b68b035bce86c7c756a794ad786
      Size/MD5 checksum:    57606 367201b7fcbbb5616e9f9a2cdbeb5129

  Big endian MIPS architecture:
      Size/MD5 checksum:  3863882 77b36c2f0b81d50cb4a0847ee01f3d19
      Size/MD5 checksum:  3845492 c0d77fa8be54768dbb052af24cf70c36
      Size/MD5 checksum:  2979284 e861030039fd5fd898646cb82e95ebec
      Size/MD5 checksum:  1203580 8c72614f19762ea13482e81e29af4107
      Size/MD5 checksum:  1358006 7e75df4325e20f2478fd54d441fcc715
      Size/MD5 checksum:    60704 d2387e9cad995ee10b0513d3b6e79fb9

  Little endian MIPS architecture:
      Size/MD5 checksum:  3731092 5f537aa6ad70002211455c699abb555c
      Size/MD5 checksum:  3752938 1e409ec03cc57ed27e3b35bd744fe688
      Size/MD5 checksum:  2971866 336b39822595b14a1921dc65a0de0cff
      Size/MD5 checksum:  1197810 a8d8498b3282aed435f9f8ab0b3d6905
      Size/MD5 checksum:  1352706 b9d9fb7a200eecb96a96cc2972e3918f
      Size/MD5 checksum:    60660 712ec0abed411be2481b59b619700b61

  PowerPC architecture:
      Size/MD5 checksum:  3979450 db1a19a43c4d3ffdc65fbd77b7061563
      Size/MD5 checksum:  2869066 8271009f50b47fbd0d4086a5fb62c330
      Size/MD5 checksum:  2819446 c2700b6a232bc0b953d019da37d56b0b
      Size/MD5 checksum:  1148186 969a1ac7ad4dd77d070303e4ab6a2a6a
      Size/MD5 checksum:  1343068 21cce061fc164921f95ca9519a2a1a45
      Size/MD5 checksum:    59694 d31b8b79e38842293a6db5846e5c4dc6

  IBM S/390 architecture:
      Size/MD5 checksum:  3906476 1d3ea71124678f9b862274d2af1408a6
      Size/MD5 checksum:  1211024 3b0aaca4a4a389c555f8dbd9d6b34e5c
      Size/MD5 checksum:  2594858 40cc49d566485948afbceccba63d7e5d
      Size/MD5 checksum:  1091428 7036c91f2e6a7eaaeebd7897f4581aca
      Size/MD5 checksum:  1170368 2745dec6bf2387b0661df18860ed1b4b
      Size/MD5 checksum:    60546 8498d01698260ac6ec0d3c2f8fff7c1a

  Sun Sparc architecture:
      Size/MD5 checksum:  3862746 d91466f4b9e4897cbafc4c1199be88f3
      Size/MD5 checksum:  2816146 513bed2e76f70042ca7f7e7b15c8cca8
      Size/MD5 checksum:  2752262 8a3f9191051db7997178ae485ef85dbc
      Size/MD5 checksum:  1630266 dee3f3529595b9a563262776642275f6
      Size/MD5 checksum:  1146040 1721ff7fef4439939c307eee7b1f44f7
      Size/MD5 checksum:  1257694 ee6c1c61a1908f92e3317c7d2207a0c2
      Size/MD5 checksum:  4185158 712673f9663ac49811d127a6bb30ce47
      Size/MD5 checksum:    59606 a1f86066822e4778df6b420f7dad13fa

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Copyright 2017, LLC