CVE-2003-0028

5 documents5 sources

Severity

7.5HIGH

EPSS

56.1%

top 1.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cray Unicos Freebsd Freebsd GNU Glibc +10 more

Timeline

PublishedMar 25

Latest updateAug 16

Description

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages12 packages

▶NVDgnu/glibc13 versions+12

▶NVDibm/aix4.3.3, 5.1, 5.2+2

▶NVDhp/hp-ux7 versions+6

▶NVDsgi/irix55 versions+54

▶NVDsun/sunos5.5.1, 5.7, 5.8+2

Also affects: Freebsd 4.0, 4.1, 4.1.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.6.2, 4.7, 5.0

Patches

Patch: www.cert.org ↗Patch: www.cert.org ↗

🔍Detection Rules

Suricata

GPL RPC portmap proxy integer overflow attempt TCP↗2010-09-23

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-03-19

▶

Debian

CVE-2003-0028: dietlibc - Integer overflow in the xdrmem_getbytes() function, and possibly other functions...↗2003

▶

💬Community

Bugzilla

CVE-2003-0028 security flaw↗2018-08-16

▶