SecurityTracker.com
Category:   Application (Generic)  >   Glibc
Vendors:   Santa Cruz Operations
(SCO Issues Fix for Caldera Linux) Sun RPC Library Integer Overflow in xdrmem_getbytes() May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1006332
SecurityTracker URL:  http://securitytracker.com/id/1006332
CVE Reference:   CVE-2003-0028
Date:  Mar 20 2003
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   An integer overflow vulnerability was reported in the Sun RPC External Data Representation (XDR) library and related implementations, including libnsl, libc, and glibc. A remote user may be able to cause arbitrary code to be executed by an application that uses one of the affected libraries.

It is reported that the xdrmem_getbytes() function contains an integer overflow that could result in dynamic memory allocation errors. Depending on how the application that uses the function is implemented, a buffer overflow could occur.

No further details were provided.

[Editor's note: The report appeared to be an advance copy of a CERT vulnerability note. However, the text was not distributed by CERT. The text contained a CERT copyright notice, so we are unable to redistribute it at this time.]
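The advisory gives no code-level detail, so the following is an added illustration of the general class of defect it names (a length check that wraps around in integer arithmetic), shown beside a hardened form. It is a simplified model, not code from the advisory, Sun RPC, or glibc; the struct and function names are hypothetical and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Simplified, hypothetical model of a memory-backed decode stream.
   Names are illustrative; this is not the Sun RPC or glibc source. */
struct memstream {
    const unsigned char *cur;  /* next unread byte */
    int remaining;             /* bytes left, kept in a signed counter */
};

/* Flawed pattern: subtract first, then test the sign. The subtraction is
   carried out in unsigned arithmetic, so a len near UINT_MAX wraps and the
   result looks like a small positive count. Returns 1 if the check would
   ACCEPT the request; it deliberately never copies any data. */
int legacy_check_accepts(int remaining, unsigned int len)
{
    remaining -= len;
    return remaining >= 0;
}

/* Hardened pattern: compare before subtracting, so nothing can wrap.
   Returns 1 on success, 0 if the request exceeds what is left. */
int getbytes_checked(struct memstream *s, void *dst, unsigned int len)
{
    if (s->remaining < 0 || len > (unsigned int)s->remaining)
        return 0;
    memcpy(dst, s->cur, len);
    s->cur += len;
    s->remaining -= (int)len;
    return 1;
}

int main(void)
{
    static const unsigned char wire[16] = {1, 2, 3, 4}; /* constructed input */
    struct memstream s = { wire, (int)sizeof wire };
    unsigned char out[16];

    printf("legacy check, len=8:        %d\n", legacy_check_accepts(16, 8));
    printf("legacy check, len=UINT_MAX: %d\n",
           legacy_check_accepts(16, UINT_MAX));
    printf("hardened,     len=UINT_MAX: %d\n",
           getbytes_checked(&s, out, UINT_MAX));
    printf("hardened,     len=8:        %d\n", getbytes_checked(&s, out, 8));
    return 0;
}
```

The legacy check accepts a `UINT_MAX` length against a 16-byte buffer, which is how a wrapped bounds check turns into an improperly sized copy or allocation in the caller; the hardened form rejects it.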

Impact:   A remote user may be able to cause arbitrary code to be executed by an application that uses one of the affected libraries. The specific impact will depend on the application.
Solution:   SCO has released a fix for glibc for Caldera OpenLinux.

OpenLinux 3.1.1 Server:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-013.0/RPMS

Packages

22c6bf3a5dc5423c57eea99f7fef610d glibc-2.2.4-26.i386.rpm
ec9c2ce3c84aee5256371fa23067a07b glibc-devel-2.2.4-26.i386.rpm
16f2585ecc1b33ff7d3ad9b38e7dcc9a glibc-devel-static-2.2.4-26.i386.rpm
c51af00de6e168ee6ae562d91e5db1d1 glibc-localedata-2.2.4-26.i386.rpm

Installation

rpm -Fvh glibc-2.2.4-26.i386.rpm
rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-013.0/SRPMS

Source Packages

67ba9387370089a15afd038ecc277e1e glibc-2.2.4-26.src.rpm


OpenLinux 3.1.1 Workstation:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-013.0/RPMS

Packages

5774225efb99e5401da7aceaf864206c glibc-2.2.4-26.i386.rpm
a1b8257b874681a45a6e89baf63f7b94 glibc-devel-2.2.4-26.i386.rpm
79311a60b66b2d62dc6ba4e7733dd58b glibc-devel-static-2.2.4-26.i386.rpm
294be611e6540c4a821e3a21e9782de1 glibc-localedata-2.2.4-26.i386.rpm

Installation

rpm -Fvh glibc-2.2.4-26.i386.rpm
rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-013.0/SRPMS

Source Packages

9acadcee5ab04b65760d047b1859c028 glibc-2.2.4-26.src.rpm


OpenLinux 3.1 Server:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-013.0/RPMS

Packages

4271adc975e6ebaaecb108d72cbb4760 glibc-2.2.4-26.i386.rpm
d549f0a97100dc9aadde9bf16e8344ee glibc-devel-2.2.4-26.i386.rpm
39f53de2a5c120564b6bafeb205c1081 glibc-devel-static-2.2.4-26.i386.rpm
50b0702cf93243af4905f79ed04a1d67 glibc-localedata-2.2.4-26.i386.rpm

Installation

rpm -Fvh glibc-2.2.4-26.i386.rpm
rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-013.0/SRPMS

Source Packages

caba33ff21c2881251bf5b3c5a2b4975 glibc-2.2.4-26.src.rpm


OpenLinux 3.1 Workstation:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-013.0/RPMS

Packages

a4278a559231b9511f00f5437cf87bf7 glibc-2.2.4-26.i386.rpm
acd97a4e0865adbea7581ae2e43be41b glibc-devel-2.2.4-26.i386.rpm
29b17471105d85724c77dc1d4b4be06e glibc-devel-static-2.2.4-26.i386.rpm
6ede9ea5f28ebe882395bb110fa9c7d3 glibc-localedata-2.2.4-26.i386.rpm

Installation

rpm -Fvh glibc-2.2.4-26.i386.rpm
rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-013.0/SRPMS

Source Packages

69bd935b0ead8c59d30f3ec61ea96d13 glibc-2.2.4-26.src.rpm

Vendor URL:  www.sco.com/
Cause:   Boundary error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux 3.1 and 3.1.1 Workstation and Server

Message History:   This archive entry is a follow-up to the message listed below.
Mar 16 2003 Sun RPC Library Integer Overflow in xdrmem_getbytes() May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  Security Update: [CSSA-2003-013.0] Linux: integer overflow vulnerability in XDR/RPC routines


To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: integer overflow vulnerability in XDR/RPC routines
Advisory number: 	CSSA-2003-013.0
Issue date: 		2003 March 19
Cross reference:
______________________________________________________________________________


1. Problem Description

	The xdrmem_getbytes() function in the XDR library provided by
	Sun Microsystems contains an integer overflow that can lead to
	improperly sized dynamic memory allocation.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to glibc-2.2.4-26.i386.rpm
					prior to glibc-devel-2.2.4-26.i386.rpm
					prior to glibc-devel-static-2.2.4-26.i386.rpm
					prior to glibc-localedata-2.2.4-26.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to glibc-2.2.4-26.i386.rpm
					prior to glibc-devel-2.2.4-26.i386.rpm
					prior to glibc-devel-static-2.2.4-26.i386.rpm
					prior to glibc-localedata-2.2.4-26.i386.rpm

	OpenLinux 3.1 Server		prior to glibc-2.2.4-26.i386.rpm
					prior to glibc-devel-2.2.4-26.i386.rpm
					prior to glibc-devel-static-2.2.4-26.i386.rpm
					prior to glibc-localedata-2.2.4-26.i386.rpm

	OpenLinux 3.1 Workstation	prior to glibc-2.2.4-26.i386.rpm
					prior to glibc-devel-2.2.4-26.i386.rpm
					prior to glibc-devel-static-2.2.4-26.i386.rpm
					prior to glibc-localedata-2.2.4-26.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-013.0/RPMS

	4.2 Packages

	22c6bf3a5dc5423c57eea99f7fef610d	glibc-2.2.4-26.i386.rpm
	ec9c2ce3c84aee5256371fa23067a07b	glibc-devel-2.2.4-26.i386.rpm
	16f2585ecc1b33ff7d3ad9b38e7dcc9a	glibc-devel-static-2.2.4-26.i386.rpm
	c51af00de6e168ee6ae562d91e5db1d1	glibc-localedata-2.2.4-26.i386.rpm

	4.3 Installation

	rpm -Fvh glibc-2.2.4-26.i386.rpm
	rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
	rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
	rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-013.0/SRPMS

	4.5 Source Packages

	67ba9387370089a15afd038ecc277e1e	glibc-2.2.4-26.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-013.0/RPMS

	5.2 Packages

	5774225efb99e5401da7aceaf864206c	glibc-2.2.4-26.i386.rpm
	a1b8257b874681a45a6e89baf63f7b94	glibc-devel-2.2.4-26.i386.rpm
	79311a60b66b2d62dc6ba4e7733dd58b	glibc-devel-static-2.2.4-26.i386.rpm
	294be611e6540c4a821e3a21e9782de1	glibc-localedata-2.2.4-26.i386.rpm

	5.3 Installation

	rpm -Fvh glibc-2.2.4-26.i386.rpm
	rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
	rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
	rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-013.0/SRPMS

	5.5 Source Packages

	9acadcee5ab04b65760d047b1859c028	glibc-2.2.4-26.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-013.0/RPMS

	6.2 Packages

	4271adc975e6ebaaecb108d72cbb4760	glibc-2.2.4-26.i386.rpm
	d549f0a97100dc9aadde9bf16e8344ee	glibc-devel-2.2.4-26.i386.rpm
	39f53de2a5c120564b6bafeb205c1081	glibc-devel-static-2.2.4-26.i386.rpm
	50b0702cf93243af4905f79ed04a1d67	glibc-localedata-2.2.4-26.i386.rpm

	6.3 Installation

	rpm -Fvh glibc-2.2.4-26.i386.rpm
	rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
	rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
	rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-013.0/SRPMS

	6.5 Source Packages

	caba33ff21c2881251bf5b3c5a2b4975	glibc-2.2.4-26.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-013.0/RPMS

	7.2 Packages

	a4278a559231b9511f00f5437cf87bf7	glibc-2.2.4-26.i386.rpm
	acd97a4e0865adbea7581ae2e43be41b	glibc-devel-2.2.4-26.i386.rpm
	29b17471105d85724c77dc1d4b4be06e	glibc-devel-static-2.2.4-26.i386.rpm
	6ede9ea5f28ebe882395bb110fa9c7d3	glibc-localedata-2.2.4-26.i386.rpm

	7.3 Installation

	rpm -Fvh glibc-2.2.4-26.i386.rpm
	rpm -Fvh glibc-devel-2.2.4-26.i386.rpm
	rpm -Fvh glibc-devel-static-2.2.4-26.i386.rpm
	rpm -Fvh glibc-localedata-2.2.4-26.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-013.0/SRPMS

	7.5 Source Packages

	69bd935b0ead8c59d30f3ec61ea96d13	glibc-2.2.4-26.src.rpm


8. References

	Specific references for this advisory:

		http://www.kb.cert.org/vuls/id/516825
		http://www.cert.org/advisories/CA-2003-10.html

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr872633, fz526862,
	erg712183.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	Riley Hassell of eEye discovered and researched the xdrmem_getbytes
	vulnerability.

______________________________________________________________________________
