Openwall GNU/*/Linux Information for VU#516825

Integer overflow in Sun RPC XDR library routines


Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

The xdrmem_getbytes() integer overflow discovered by eEye Digital Security was present in the glibc package on Openwall GNU/*/Linux until 2003/03/23 when it was corrected for Owl-current (with a back-port from the glibc CVS) and documented as a security fix in the system-wide change log available at:

Please note that Owl does not include any RPC services (but it does include a few RPC clients).  It has not been fully researched whether an Owl install with no third-party software added is affected by this vulnerability at all.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.