Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2002-0391

Published: 12/08/2002 Updated: 08/02/2024
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Openbsd

Vulnerability Summary

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote malicious users to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openbsd 3.1

sun sunos 5.7

sun sunos 5.8

sun sunos 5.5.1

sun solaris 2.6

sun solaris 9.0

freebsd freebsd

microsoft windows nt 4.0

microsoft windows xp -

microsoft windows 2000 -

Vendor Advisories

Debian Security Advisories: DSA-146-2 dietlibc -- integer overflow
An integer overflow bug has been discovered in the RPC library used by dietlibc, a libc optimized for small size, which is derived from the SunRPC library This bug could be exploited to gain unauthorized root access to software linking to this code The packages below also fix integer overflows in the calloc, fread and fwrite code They are also m ...
Debian Security Advisories: DSA-142-1 openafs -- integer overflow
An integer overflow bug has been discovered in the RPC library used by the OpenAFS database server, which is derived from the SunRPC library This bug could be exploited to crash certain OpenAFS servers (volserver, vlserver, ptserver, buserver) or to obtain unauthorized root access to a host running one of these processes No exploits are known to ...
Debian Security Advisories: DSA-149-1 glibc -- integer overflow
An integer overflow bug has been discovered in the RPC library used by GNU libc, which is derived from the SunRPC library This bug could be exploited to gain unauthorized root access to software linking to this code The packages below also fix integer overflows in the malloc code They also contain a fix from Andreas Schwab to reduce linebuflen i ...
Debian Security Advisories: DSA-143-1 krb5 -- integer overflow
An integer overflow bug has been discovered in the RPC library used by the Kerberos 5 administration system, which is derived from the SunRPC library This bug could be exploited to gain unauthorized root access to a KDC host It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful No ...

References

CWE-190http://www.cert.org/advisories/CA-2002-25.htmlhttp://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823http://www.kb.cert.org/vuls/id/192995http://archives.neohapsis.com/archives/aix/2002-q4/0002.htmlftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txthttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535http://www.debian.org/security/2002/dsa-142http://www.debian.org/security/2002/dsa-143http://www.debian.org/security/2002/dsa-146http://www.debian.org/security/2002/dsa-149http://www.debian.org/security/2003/dsa-333http://www.linuxsecurity.com/advisories/other_advisory-2399.htmlhttp://online.securityfocus.com/advisories/4402http://archives.neohapsis.com/archives/hp/2002-q3/0077.htmlhttp://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.aschttp://rhn.redhat.com/errata/RHSA-2002-166.htmlhttp://www.redhat.com/support/errata/RHSA-2003-168.htmlhttp://rhn.redhat.com/errata/RHSA-2002-172.htmlhttp://www.redhat.com/support/errata/RHSA-2002-173.htmlhttp://www.redhat.com/support/errata/RHSA-2002-167.htmlhttp://www.redhat.com/support/errata/RHSA-2003-212.htmlhttp://archives.neohapsis.com/archives/bugtraq/2002-07/0514.htmlhttp://online.securityfocus.com/archive/1/285740http://www.iss.net/security_center/static/9170.phphttp://www.securityfocus.com/bid/5356ftp://patches.sgi.com/support/free/security/advisories/20020801-01-Ahttp://marc.info/?l=bugtraq&m=102821928418261&w=2http://marc.info/?l=bugtraq&m=103158632831416&w=2http://marc.info/?l=bugtraq&m=102821785316087&w=2http://marc.info/?l=bugtraq&m=102813809232532&w=2http://marc.info/?l=bugtraq&m=102831443208382&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057ftp://patches.sgi.com/support/free/security/advisories/20020801-01-Phttps://nvd.nist.govhttps://www.debian.org/security/./dsa-146https://www.kb.cert.org/vuls/id/192995
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook