Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Openwall GNU/*/Linux Information for VU#192995

Date Notified
Date Modified01/10/2005 01:44:19 PM
Status SummaryVulnerable

Vendor Statement

The xdr_array(3) integer overflow was present in the glibc package on
Openwall GNU/*/Linux until 2002/08/01 when it was corrected for
Owl-current and documented as a security fix in the system-wide change
log available at:

http://www.openwall.com/Owl/CHANGES.shtml

The same glibc package update also fixes a very similar but different
calloc(3) integer overflow possibility that is currently not known to
allow for an attack on a particular application, but has been patched
as a proactive measure.  The Sun RPC xdr_array(3) overflow may allow
for passive attacks on mount(8) by malicious or spoofed NFSv3 servers
as well as for both passive and active attacks on RPC clients or
services that one might install on Owl.  (There're no RPC services
included with Owl.)

US-CERT Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information