CVE-2003-0028 Information
Description
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Reference
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
http://marc.info/?l=bugtraq&m=104810574423662&w=2
http://marc.info/?l=bugtraq&m=104811415301340&w=2
http://marc.info/?l=bugtraq&m=104860855114117&w=2
http://marc.info/?l=bugtraq&m=104878237121402&w=2
http://marc.info/?l=bugtraq&m=105362148313082&w=2
http://www.cert.org/advisories/CA-2003-10.html
http://www.debian.org/security/2003/dsa-266
http://www.debian.org/security/2003/dsa-272
http://www.debian.org/security/2003/dsa-282
http://www.eeye.com/html/Research/Advisories/AD20030318.html
http://www.kb.cert.org/vuls/id/516825
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-089.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A230
https://security.netapp.com/advisory/ntap-20150122-0002/