Vulnerability Note VU#192995
Integer overflow in xdr_array() function when deserializing the XDR stream
There is an integer overflow present in the xdr_array() function distributed as part of the Sun Microsystems XDR library. This overflow has been shown to lead to remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations.
The XDR (external data representation) libraries are used to provide platform-independent methods for sending data from one system process to another, typically over a network connection. Such routines are commonly used in remote procedure call (RPC) implementations to provide transparency to application programmers who need to use common interfaces to interact with many different types of systems. The xdr_array() function in the XDR library provided by Sun Microsystems contains an integer overflow that can lead to improperly sized dynamic memory allocation. Subsequent problems like buffer overflows may result, depending on how and where the vulnerable xdr_array() function is used.
Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of differing security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.
Apply a patch from your vendor
Note this is an iterative process for each set of patches being applied.
Disable access to vulnerable services or applications
As a best practice, the CERT/CC recommends disabling all services that are not explicitly required.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||29 Jul 2002||20 Sep 2002|
|Debian Linux||Affected||29 Jul 2002||06 Aug 2002|
|FreeBSD, Inc.||Affected||29 Jul 2002||01 Aug 2002|
|GNU glibc||Affected||31 Jul 2002||06 Aug 2002|
|Hewlett-Packard Company||Affected||29 Jul 2002||01 Aug 2002|
|IBM Corporation||Affected||29 Jul 2002||03 Sep 2002|
|Microsoft Corporation||Affected||29 Jul 2002||03 Oct 2002|
|MIT Kerberos Development Team||Affected||02 Aug 2002||02 Aug 2002|
|NetBSD||Affected||29 Jul 2002||20 Sep 2002|
|OpenAFS||Affected||-||05 Aug 2002|
|OpenBSD||Affected||29 Jul 2002||31 Jul 2002|
|Openwall GNU/*/Linux||Affected||-||06 Aug 2002|
|Red Hat, Inc.||Affected||29 Jul 2002||05 Aug 2002|
|SGI||Affected||29 Jul 2002||19 Aug 2002|
|Sun Microsystems, Inc.||Affected||29 Jul 2002||05 Aug 2002|
CVSS Metrics (Learn More)
Thanks to Sun Microsystems for working with the CERT/CC to make this document possible. The initial vulnerability research and demonstration was performed by Internet Security Systems (ISS).
This document was written by Jeffrey S. Havrilla.
- CVE IDs: CVE-2002-0391
- CERT Advisory: CA-2002-25
- Date Public: 31 Jul 2002
- Date First Published: 01 Aug 2002
- Date Last Updated: 15 May 2006
- Severity Metric: 27.29
- Document Revision: 45
If you have feedback, comments, or additional information about this vulnerability, please send us email.