Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2003-0028

Published: 25/03/2003 Updated: 21/01/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Glibc

Vulnerability Summary

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote malicious users to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc 2.1.1

gnu glibc 2.1.2

gnu glibc 2.3

gnu glibc 2.3.1

mit kerberos 5 1.2.5

mit kerberos 5 1.2.6

openafs openafs 1.0.4a

openafs openafs 1.1

openafs openafs 1.2.3

openafs openafs 1.2.4

sgi irix 6.5.1

sgi irix 6.5.10

sgi irix 6.5.12f

sgi irix 6.5.12m

sgi irix 6.5.13

sgi irix 6.5.15f

sgi irix 6.5.15m

sgi irix 6.5.18

sgi irix 6.5.18f

gnu glibc 2.1.3

gnu glibc 2.2

gnu glibc 2.2.1

gnu glibc 2.3.2

mit kerberos 5 1.2

mit kerberos 5 1.2.7

openafs openafs 1.0

openafs openafs 1.1.1

openafs openafs 1.1.1a

openafs openafs 1.2

openafs openafs 1.2.5

openafs openafs 1.2.6

sgi irix 6.5.10f

sgi irix 6.5.10m

sgi irix 6.5.13f

sgi irix 6.5.13m

sgi irix 6.5.16

sgi irix 6.5.16f

sgi irix 6.5.18m

sgi irix 6.5.19

sgi irix 6.5.4

sgi irix 6.5.4f

sgi irix 6.5.6m

sgi irix 6.5.7

sgi irix 6.5.9f

sgi irix 6.5.9m

sgi irix 6.5.3f

sgi irix 6.5.3m

sgi irix 6.5.6

sgi irix 6.5.6f

sgi irix 6.5.8m

sgi irix 6.5.9

gnu glibc 2.2.2

gnu glibc 2.2.3

mit kerberos 5 1.2.1

mit kerberos 5 1.2.2

openafs openafs 1.0.1

openafs openafs 1.0.2

openafs openafs 1.2.1

openafs openafs 1.2.2

openafs openafs 1.3

openafs openafs 1.3.1

sgi irix 6.5.11

sgi irix 6.5.11f

sgi irix 6.5.14

sgi irix 6.5.14f

sgi irix 6.5.16m

sgi irix 6.5.17

sgi irix 6.5.2

sgi irix 6.5.20

sgi irix 6.5.4m

sgi irix 6.5.5

sgi irix 6.5.7f

sgi irix 6.5.7m

gnu glibc 2.1

gnu glibc 2.2.4

gnu glibc 2.2.5

mit kerberos 5 1.2.3

mit kerberos 5 1.2.4

openafs openafs 1.0.3

openafs openafs 1.0.4

openafs openafs 1.2.2a

openafs openafs 1.2.2b

openafs openafs 1.3.2

sgi irix 6.5

sgi irix 6.5.11m

sgi irix 6.5.12

sgi irix 6.5.14m

sgi irix 6.5.15

sgi irix 6.5.17f

sgi irix 6.5.17m

sgi irix 6.5.2f

sgi irix 6.5.2m

sgi irix 6.5.3

sgi irix 6.5.5f

sgi irix 6.5.5m

sgi irix 6.5.8

sgi irix 6.5.8f

cray unicos 9.0

cray unicos 9.0.2.5

freebsd freebsd 4.1.1

freebsd freebsd 4.2

freebsd freebsd 4.5

freebsd freebsd 4.7

freebsd freebsd 5.0

hp hp-ux 11.22

hp hp-ux series 700 10.20

openbsd openbsd 2.2

openbsd openbsd 2.3

openbsd openbsd 2.4

openbsd openbsd 3.1

openbsd openbsd 3.2

sun sunos 5.8

sun solaris 8.0

cray unicos 8.0

cray unicos 8.3

freebsd freebsd 4.4

hp hp-ux 11.11

hp hp-ux 11.20

openbsd openbsd 2.0

openbsd openbsd 2.1

openbsd openbsd 2.9

openbsd openbsd 3.0

sun sunos 5.7

sun solaris 7.0

cray unicos 6.0

cray unicos 6.0e

cray unicos 9.2

cray unicos 9.2.4

freebsd freebsd 4.3

freebsd freebsd 4.6

freebsd freebsd 4.6.2

hp hp-ux 10.20

hp hp-ux 10.24

hp hp-ux series 800 10.20

ibm aix 4.3.3

openbsd openbsd 2.5

openbsd openbsd 2.6

sun sunos 5.5.1

sun solaris 2.5.1

sun solaris 9.0

cray unicos 6.1

cray unicos 7.0

freebsd freebsd 4.0

freebsd freebsd 4.1

hp hp-ux 11.00

hp hp-ux 11.04

ibm aix 5.1

ibm aix 5.2

openbsd openbsd 2.7

openbsd openbsd 2.8

sun solaris 2.6

sun sunos -

Vendor Advisories

Debian Security Advisories: DSA-272-1 dietlibc -- integer overflow
eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function of glibc, that is also present in dietlibc, a small libc useful especially for small and embedded systems This function is part of the XDR encoder/decoder derived from Sun's RPC implementation Depending upon the application, this vulnerability can cause buffer ...

References

NVD-CWE-Otherhttp://www.eeye.com/html/Research/Advisories/AD20030318.htmlhttp://www.cert.org/advisories/CA-2003-10.htmlhttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.htmlhttp://www.kb.cert.org/vuls/id/516825http://www.debian.org/security/2003/dsa-282http://www.redhat.com/support/errata/RHSA-2003-051.htmlhttp://www.redhat.com/support/errata/RHSA-2003-052.htmlhttp://www.redhat.com/support/errata/RHSA-2003-089.htmlhttp://www.redhat.com/support/errata/RHSA-2003-091.htmlhttp://www.linuxsecurity.com/advisories/engarde_advisory-3024.htmlhttp://www.debian.org/security/2003/dsa-266http://www.debian.org/security/2003/dsa-272ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.aschttp://www.novell.com/linux/security/advisories/2003_027_glibc.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:037http://marc.info/?l=bugtraq&m=104810574423662&w=2http://marc.info/?l=bugtraq&m=104878237121402&w=2http://marc.info/?l=bugtraq&m=104860855114117&w=2http://marc.info/?l=bugtraq&m=105362148313082&w=2http://marc.info/?l=bugtraq&m=104811415301340&w=2https://security.netapp.com/advisory/ntap-20150122-0002/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230http://www.securityfocus.com/archive/1/316960/30/25250/threadedhttp://www.securityfocus.com/archive/1/316931/30/25250/threadedhttp://www.securityfocus.com/archive/1/315638/30/25430/threadedhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-272https://www.kb.cert.org/vuls/id/516825
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook