Openwall GNU/*/Linux Information for VU#516825
Integer overflow in Sun RPC XDR library routines
- Vendor Information Help Date Notified: 11 Dec 2002
- Statement Date:
- Date Updated: 24 Mar 2003
Unknown. If you are the vendor named above, please contact us to update your status.
The xdrmem_getbytes() integer overflow discovered by eEye Digital Security was present in the glibc package on Openwall GNU/*/Linux until 2003/03/23 when it was corrected for Owl-current (with a back-port from the glibc CVS) and documented as a security fix in the system-wide change log available at:
Please note that Owl does not include any RPC services (but it does include a few RPC clients). It has not been fully researched whether an Owl install with no third-party software added is affected by this vulnerability at all.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.