Vulnerability Note VU#266817

Multiple Sun RPC-based libc implementations fail to provide time-out mechanism when reading data from TCP connections

Original Release date: 04 Nov 2002 | Last revised: 09 Apr 2003

Overview

A denial-of-service vulnerability exists in multiple vendor Sun RPC-based libc implementations.

Description

Multiple vendor Sun RPC-based libc implementations fail to properly read data from TCP connections: they provide no time-out mechanism for the read. As a result, a remote attacker can deny service to system daemons.

Impact

A remote attacker can connect to a vulnerable service and cause the service to hang.
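An added example, not part of the original note and not any vendor's patch: a C read helper that enforces the kind of time-out this note reports as missing, bounding the whole read with a single deadline so that a peer that stops sending cannot hang the caller. The names `read_full_deadline`, `RD_TIMEOUT` and `RD_ERROR` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper for illustration; not the RPC library's own code. */
#define RD_TIMEOUT (-2)   /* deadline expired before all bytes arrived */
#define RD_ERROR   (-1)   /* poll/read error, or peer closed early */

static long long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000LL + ts.tv_nsec / 1000000LL;
}

/* Read exactly len bytes from fd, giving up after budget_ms in total.
 * The budget covers the whole read, so data arriving one byte at a time
 * does not reset the clock. Returns len, RD_TIMEOUT or RD_ERROR. */
long read_full_deadline(int fd, void *buf, size_t len, int budget_ms)
{
    unsigned char *p = buf;
    size_t got = 0;
    long long deadline = now_ms() + budget_ms;

    while (got < len) {
        long long left = deadline - now_ms();
        if (left <= 0)
            return RD_TIMEOUT;
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        int rc = poll(&pfd, 1, (int)left);   /* wait for data, bounded */
        if (rc == 0)
            return RD_TIMEOUT;
        if (rc < 0) {
            if (errno == EINTR)
                continue;                    /* interrupted: re-check budget */
            return RD_ERROR;
        }
        ssize_t n = read(fd, p + got, len - got);
        if (n < 0 && (errno == EINTR || errno == EAGAIN))
            continue;
        if (n <= 0)
            return RD_ERROR;                 /* error, or EOF before len bytes */
        got += (size_t)n;
    }
    return (long)got;
}
```

A daemon using such a helper can close the connection on `RD_TIMEOUT` and go back to serving other clients instead of blocking in `read()` indefinitely.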

Solution

Apply a vendor patch when available.

Systems Affected

Vendor                    Status    Date Notified  Date Updated
Apple Computer Inc.       Affected  07 Oct 2002    18 Nov 2002
GNU glibc                 Affected  -              04 Nov 2002
IBM                       Affected  07 Oct 2002    15 Jan 2003
SGI                       Affected  -              08 Nov 2002
Sun Microsystems Inc.     Affected  07 Oct 2002    28 Jan 2003
BSDI                      Unknown   07 Oct 2002    08 Oct 2002
Conectiva                 Unknown   07 Oct 2002    07 Oct 2002
Cray Inc.                 Unknown   07 Oct 2002    30 Oct 2002
Data General              Unknown   07 Oct 2002    07 Oct 2002
Debian                    Unknown   07 Oct 2002    14 Oct 2002
Engarde                   Unknown   07 Oct 2002    08 Oct 2002
FreeBSD                   Unknown   07 Oct 2002    08 Oct 2002
Fujitsu                   Unknown   07 Oct 2002    08 Oct 2002
Hewlett-Packard Company   Unknown   07 Oct 2002    14 Oct 2002
MandrakeSoft              Unknown   07 Oct 2002    08 Oct 2002

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CAN-2002-1265
  • Date Public: 04 Nov 2002
  • Date First Published: 04 Nov 2002
  • Date Last Updated: 09 Apr 2003
  • Severity Metric: 10.31
  • Document Revision: 21
