
Category:   Application (Generic)  >   Glibc
Vendors:   Sun
(Conectiva Issues Fix) RPC Buffer Overflow in 'xdr_array' Filter Lets Remote Users Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1005557
SecurityTracker URL:
CVE Reference:   CAN-2002-0391   (Links to External Site)
Date:  Nov 7 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A buffer overflow vulnerability was reported in the RPC library on Sun Solaris and potentially other operating systems. A remote user can execute arbitrary commands on the system with root privileges.

Internet Security Systems (ISS) X-Force reported a buffer overflow in the xdr_array filter primitive. The External Data Representation (XDR) filter primitive is used to translate variable length arrays.

A remote user can reportedly cause the RPC daemon (or other processes that use the RPC library) to pass a large number of elements to the xdr_array filter to trigger the buffer overflow and execute arbitrary commands with root privileges.

Impact:   A remote user can execute arbitrary commands with root privileges to gain root access on the system.
Solution:   Conectiva has released a fix.

For the 6.0 and 7.0 fixes, see the Source Message.

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Conectiva)
Underlying OS Comments:  6.0, 7.0, 8

Message History:   This archive entry is a follow-up to the message listed below.
Jul 31 2002 RPC Buffer Overflow in 'xdr_array' Filter Lets Remote Users Execute Arbitrary Code with Root Privileges

 Source Message Contents

Date:  Tue, 29 Oct 2002 17:34:22 -0200
Subject:  [conectiva-updates] [CLA-2002:535] Conectiva Linux Security Announcement - glibc

Hash: SHA1

- --------------------------------------------------------------------------

PACKAGE   : glibc
SUMMARY   : Fix for several vulnerabilities and daylight saving time for Brazil
DATE      : 2002-10-29 16:33:00
ID        : CLA-2002:535
RELEASES  : 6.0, 7.0, 8

- -------------------------------------------------------------------------

 The GNU C Library (glibc) is the standard library used by almost any
 program in a common GNU/Linux system. 
 This announcement addresses four security vulnerabilities in glibc
 and also fixes the Brazilian timezone regarding the daylight saving

 1. XDR integer overflow [2][3]
 There is an integer overflow in the xdr_array() function derived from
 Sun's XDR library. This overflow can lead to memory being allocated
 with the wrong size, which will most likely cause buffer overflows
 later on depending on how applications use the allocated memory. The
 krb5 package also contains the vulnerable code and was already fixed
 in a previous announcement[10].

 2. Resolver read buffer overflow[4][5]
 There is a vulnerability in the way the resolver res_* family of
 functions contained in glibc and other BIND derived code are commonly
 used. These functions place their answer in a caller-supplied buffer.
 If this buffer is too small, the answer is truncated and the caller
 can check what the actual size should be by reading the return value
 of the function. Some callers, though, incorrectly take this value as
 the size of the buffer and may then read beyond its end, eventually
 causing a segmentation fault or some other kind of error.
 Thanks to Olaf Kirch for sharing a patch to fix this problem.

 3. calloc(3) integer overflow[6]
 calloc(3) is vulnerable to an integer overflow when multiplying the
 number of elements by the size of each element. This operation was
 not being verified and could result in less memory than needed to be
 allocated. Subsequent uses of this buffer would most likely result in
 buffer overflows.

 4. Possible information leak[7]
 Dmitry V. Levin spotted a possible information leak with undersized
 DNS responses, for which Solar Designer created a patch.

 Daylight saving time ("summer time") update
 On October 1st, 2002 the dates when daylight saving time will begin
 and end have finally been published[8] (a little more than 30 days of
 advance notice). These dates have been inserted in glibc's zoneinfo
 Historically the dates on which the daylight saving time starts and
 ends have always been chosen from year to year and are seldom the
 same. The National Observatory is conducting a poll[9] about this and
 we ask our users to take that poll and also manifest their opinion
 about the randomness with which these dates seem to be chosen. With
 luck, this kind of update will no longer be necessary in the future.

 It is recommended that all users upgrade their glibc packages. To fix
 the timezone regarding the daylight saving time in Brazil, please run
 the "timeconfig" tool after the update and re-select your timezone.
 IMPORTANT: all applications that were already running before the
 update must now be restarted. The following command will list those
 applications in the first column of the screen:
 lsof | grep \;
 If there is any doubt about which applications should be restarted,
 we recommend that the system be rebooted.
 6. http://CERT.Uni-Stuttgart.DE/advisories/calloc.php


 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
Instructions on how to check the signatures of the RPM packages can be
found at
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at

- -------------------------------------------------------------------------
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see
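
The size-computation flaw the announcement describes for xdr_array() and calloc(3), shown as an added example that is not code from glibc or from the advisory: an unchecked element-count multiplication beside a checked one. The names `unchecked_bytes`, `checked_bytes` and `alloc_array` and the `max_count` limit are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: the product wraps modulo SIZE_MAX + 1,
 * so a huge element count can yield a tiny byte count. */
size_t unchecked_bytes(size_t nelem, size_t elsize)
{
    return nelem * elsize;
}

/* Checked computation: 0 on success with the product in *out,
 * -1 if nelem * elsize does not fit in size_t. */
int checked_bytes(size_t nelem, size_t elsize, size_t *out)
{
    if (elsize != 0 && nelem > SIZE_MAX / elsize)
        return -1;
    *out = nelem * elsize;
    return 0;
}

/* Hypothetical decoder-side allocator: 'count' comes from untrusted input,
 * 'max_count' is the caller's protocol limit. Returns zeroed memory or NULL. */
void *alloc_array(size_t count, size_t max_count, size_t elsize)
{
    size_t bytes;

    if (count == 0 || elsize == 0 || count > max_count)
        return NULL;
    if (checked_bytes(count, elsize, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed input: a count whose product with 16 wraps around to 16. */
    size_t count = SIZE_MAX / 16 + 2, bytes = 0;

    printf("unchecked: %zu elements -> %zu bytes\n",
           count, unchecked_bytes(count, 16));
    printf("checked:   %s\n",
           checked_bytes(count, 16, &bytes) ? "rejected" : "accepted");
    return 0;
}
```

The explicit `max_count` bound matters as much as the overflow check: a count that fits in `size_t` can still exceed anything the protocol legitimately needs.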
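
The resolver caller mistake from item 2 of the announcement, as an added example that is not code from glibc or BIND: the return value reports the full answer size, so the caller must clamp it to its own buffer before parsing. `stub_res_query` is a constructed stand-in for a res_*-style call, and `parse_limit` and `demo_limit` are hypothetical helpers.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a res_*-style call (not the real resolver):
 * copies at most buflen bytes of the answer into buf and returns the
 * full answer length, which may be larger than buflen. */
int stub_res_query(const unsigned char *answer, int anslen,
                   unsigned char *buf, int buflen)
{
    if (anslen < 0 || buflen < 0)
        return -1;
    memcpy(buf, answer, (size_t)(anslen < buflen ? anslen : buflen));
    return anslen;
}

/* Bytes of buf that are valid to parse, or -1 on resolver error.
 * *truncated is set when the answer did not fit in the buffer. */
int parse_limit(int ret, int buflen, int *truncated)
{
    if (ret < 0)
        return -1;
    *truncated = ret > buflen;
    return *truncated ? buflen : ret;
}

/* Runs one query for a constructed answer of anslen bytes into a
 * 512-byte buffer and returns the safe parse limit. */
int demo_limit(int anslen, int *truncated)
{
    static unsigned char answer[1024];   /* constructed sample data */
    unsigned char buf[512];

    if (anslen < 0 || anslen > (int)sizeof answer)
        return -1;
    memset(answer, 0xAB, sizeof answer);
    int ret = stub_res_query(answer, anslen, buf, (int)sizeof buf);
    /* Flawed callers walk buf up to ret; the safe bound is the clamp. */
    return parse_limit(ret, (int)sizeof buf, truncated);
}

int main(void)
{
    int truncated = 0;
    int limit = demo_limit(600, &truncated);

    printf("returned length 600, safe limit %d, truncated=%d\n",
           limit, truncated);
    return 0;
}
```

A caller that sees `truncated` set can retry with a buffer of the reported size instead of parsing a partial answer.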


