Openwall GNU/*/Linux Information for VU#192995

Integer overflow in xdr_array() function when deserializing the XDR stream



Vendor Statement

The xdr_array(3) integer overflow was present in the glibc package on
Openwall GNU/*/Linux until 2002/08/01 when it was corrected for
Owl-current and documented as a security fix in the system-wide change
log available at:

The same glibc package update also fixes a very similar but different
integer overflow possibility that is currently not known to
allow for an attack on a particular application, but has been patched
as a proactive measure.  The Sun RPC xdr_array(3) overflow may allow
for passive attacks on mount(8) by malicious or spoofed NFSv3 servers
as well as for both passive and active attacks on RPC clients or
services that one might install on Owl.  (There are no RPC services
included with Owl.)
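As an added illustration of the overflow class named above (this is editor-written example code, not Openwall's statement and not glibc's xdr_array() source), the block below shows the shape of the bug: an XDR variable-length array begins with a 32-bit big-endian element count taken from the untrusted stream, and the decoder multiplies that count by the caller's element size to choose an allocation size. The unchecked product wraps; the guarded version rejects the count before multiplying, in addition to the caller-supplied maximum count that xdr_array() already enforces. The sample headers, the function names and the maxsize/elem_size parameters are constructed for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <stddef.h>

/* Illustrative code written for this page; it is not glibc's xdr_array()
 * implementation.  It models only the count-times-element-size step of
 * decoding an XDR variable-length array from an untrusted stream. */

/* Constructed sample array headers: just the 4-byte big-endian count field. */
const unsigned char HDR_WRAPPING[4] = {0x40, 0x00, 0x00, 0x01}; /* count 0x40000001 */
const unsigned char HDR_SMALL[4]    = {0x00, 0x00, 0x00, 0x10}; /* count 16 */

/* XDR integers are big-endian on the wire. */
static unsigned int xdr_get_u32(const unsigned char *p) {
    return ((unsigned int)p[0] << 24) | ((unsigned int)p[1] << 16) |
           ((unsigned int)p[2] << 8)  |  (unsigned int)p[3];
}

/* The vulnerable shape: the product is computed in unsigned int and silently
 * wraps.  0x40000001 * 4 == 0x100000004, which truncates to 4, so a 4-byte
 * buffer would be allocated for 0x40000001 elements. */
unsigned int unchecked_alloc_size(unsigned int count, unsigned int elem_size) {
    return count * elem_size;
}

/* The guarded shape: reject the count before multiplying.  Returns the byte
 * size, or -1 if count * elem_size would not fit in an unsigned int. */
long long checked_alloc_size(unsigned int count, unsigned int elem_size) {
    if (elem_size == 0 || count > UINT_MAX / elem_size)
        return -1;
    return (long long)count * elem_size;
}

/* Decode an array header: bound the element count by the caller's maxsize
 * (the check xdr_array() already had), then make sure the byte size cannot
 * wrap.  A caller that passes a permissive maxsize such as ~0 is protected
 * only by the second check.  Returns the allocation size or -1. */
long long decode_array_alloc(const unsigned char *hdr, size_t len,
                             unsigned int maxsize, unsigned int elem_size) {
    unsigned int count;
    if (len < 4)
        return -1;                      /* truncated header */
    count = xdr_get_u32(hdr);
    if (count > maxsize)
        return -1;                      /* element-count bound */
    return checked_alloc_size(count, elem_size); /* byte-size overflow guard */
}

int main(void) {
    printf("unchecked: %u bytes\n", unchecked_alloc_size(0x40000001u, 4));
    printf("checked:   %lld\n", decode_array_alloc(HDR_WRAPPING, 4, UINT_MAX, 4));
    printf("ok:        %lld\n", decode_array_alloc(HDR_SMALL, 4, UINT_MAX, 4));
    return 0;
}
```

The point of the two checks together is that a count bound alone is only as good as the maxsize the caller chooses; the division-based guard is what makes the allocation size independent of that choice.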

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.
