Openwall GNU/*/Linux Information for VU#516825

Integer overflow in Sun RPC XDR library routines

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

The xdrmem_getbytes() integer overflow discovered by eEye Digital Security was present in the glibc package on Openwall GNU/*/Linux until 2003/03/23 when it was corrected for Owl-current (with a back-port from the glibc CVS) and documented as a security fix in the system-wide change log available at:

http://www.openwall.com/Owl/CHANGES-current.shtml

Please note that Owl does not include any RPC services (but it does include a few RPC clients). It has not been fully researched whether an Owl install with no third-party software added is affected by this vulnerability at all.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.