Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 RPC:XDR-INTEGER-OVERFLOW

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 RPC

Keywords

 XDR Integer Overflow

Release Date

 2003/06/04

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

RPC: XDR Integer Overflow


This signature detects attempts to exploit a known vulnerability against the SUN XDR/RPC library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the logged in user.

Extended Description

A vulnerability has been discovered in the Sun XDR library. Specifically, an integer overflow as been found in the xdrmem_getbytes() function. As a result, applications implementing the vulnerable library call may be prone to denial of service attacks. It should be noted that the vulnerable library code has been implemented by various libraries including BSD's libc, Glibc, and Sun Microsystem's libnsl.

Affected Products

  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Cray UNICOS 6.0.0
  • Cray UNICOS 6.0.0 E
  • Cray UNICOS 6.1.0
  • Cray UNICOS 7.0.0
  • Cray UNICOS 8.0.0
  • Cray UNICOS 8.3.0
  • Cray UNICOS 9.0.0
  • Cray UNICOS 9.0.2 .5
  • Cray UNICOS 9.2.0
  • Cray UNICOS 9.2.0 .4
  • diet libc 0.12.0
  • diet libc 0.15.0
  • diet libc 0.16.0
  • diet libc 0.17.0
  • diet libc 0.18.0
  • diet libc 0.19.0
  • FreeBSD 4.0.0
  • FreeBSD 4.1.0
  • FreeBSD 4.1.1
  • FreeBSD 4.1.1 -RELEASE
  • FreeBSD 4.1.1 -STABLE
  • FreeBSD 4.2.0
  • FreeBSD 4.2.0 -RELEASE
  • FreeBSD 4.2.0 -STABLE
  • FreeBSD 4.3.0
  • FreeBSD 4.3.0 -RELEASE
  • FreeBSD 4.3.0 -STABLE
  • FreeBSD 4.4.0
  • FreeBSD 4.4.0 -STABLE
  • FreeBSD 4.5.0
  • FreeBSD 4.5.0 -RELEASE
  • FreeBSD 4.5.0 -STABLE
  • FreeBSD 4.6.0
  • FreeBSD 4.6.0 -RELEASE
  • FreeBSD 4.6.0 -STABLE
  • FreeBSD 4.6.2
  • FreeBSD 4.7.0
  • FreeBSD 4.7.0 -RELEASE
  • FreeBSD 4.7.0 -STABLE
  • FreeBSD 5.0.0
  • GNU glibc 2.1.0
  • GNU glibc 2.1.1
  • GNU glibc 2.1.2
  • GNU glibc 2.1.3
  • GNU glibc 2.2.0
  • GNU glibc 2.2.1
  • GNU glibc 2.2.2
  • GNU glibc 2.2.3
  • GNU glibc 2.2.4
  • GNU glibc 2.2.5
  • GNU glibc 2.3.0
  • GNU glibc 2.3.1
  • GNU glibc 2.3.2
  • HP HP-UX 10.20.0
  • HP HP-UX 10.20.0 Series 700
  • HP HP-UX 10.20.0 Series 800
  • HP HP-UX 10.24.0
  • HP HP-UX 11.0.0
  • HP HP-UX 11.0.0 4
  • HP HP-UX 11.11.0
  • HP HP-UX 11.20.0
  • HP HP-UX 11.22.0
  • IBM AIX 4.3.3
  • IBM AIX 5.1
  • IBM AIX 5.2
  • MIT Kerberos 5 1.1.1
  • MIT Kerberos 5 1.2.0
  • MIT Kerberos 5 1.2.1
  • MIT Kerberos 5 1.2.2
  • MIT Kerberos 5 1.2.3
  • MIT Kerberos 5 1.2.4
  • MIT Kerberos 5 1.2.5
  • MIT Kerberos 5 1.2.6
  • MIT Kerberos 5 1.2.7
  • OpenAFS 1.0.0
  • OpenAFS 1.0.1
  • OpenAFS 1.0.2
  • OpenAFS 1.0.3
  • OpenAFS 1.0.4
  • OpenAFS 1.0.4 A
  • OpenAFS 1.1.0
  • OpenAFS 1.1.1
  • OpenAFS 1.1.1 A
  • OpenAFS 1.2.0
  • OpenAFS 1.2.1
  • OpenAFS 1.2.2
  • OpenAFS 1.2.2 A
  • OpenAFS 1.2.2 B
  • OpenAFS 1.2.3
  • OpenAFS 1.2.4
  • OpenAFS 1.2.5
  • OpenAFS 1.2.6
  • OpenAFS 1.3.0
  • OpenAFS 1.3.1
  • OpenAFS 1.3.2
  • OpenBSD 2.0.0
  • OpenBSD 2.1.0
  • OpenBSD 2.2.0
  • OpenBSD 2.3.0
  • OpenBSD 2.4.0
  • OpenBSD 2.5.0
  • OpenBSD 2.6.0
  • OpenBSD 2.7.0
  • OpenBSD 2.8.0
  • OpenBSD 2.9.0
  • OpenBSD 3.0
  • OpenBSD 3.1
  • OpenBSD 3.2
  • SGI IRIX 6.5.0
  • SGI IRIX 6.5.1
  • SGI IRIX 6.5.10
  • SGI IRIX 6.5.10 f
  • SGI IRIX 6.5.10 m
  • SGI IRIX 6.5.11
  • SGI IRIX 6.5.11 f
  • SGI IRIX 6.5.11 m
  • SGI IRIX 6.5.12
  • SGI IRIX 6.5.12 f
  • SGI IRIX 6.5.12 m
  • SGI IRIX 6.5.13
  • SGI IRIX 6.5.13 f
  • SGI IRIX 6.5.13 m
  • SGI IRIX 6.5.14
  • SGI IRIX 6.5.14 f
  • SGI IRIX 6.5.14 m
  • SGI IRIX 6.5.15
  • SGI IRIX 6.5.15 f
  • SGI IRIX 6.5.15 m
  • SGI IRIX 6.5.16
  • SGI IRIX 6.5.16 f
  • SGI IRIX 6.5.16 m
  • SGI IRIX 6.5.17
  • SGI IRIX 6.5.17 f
  • SGI IRIX 6.5.17 m
  • SGI IRIX 6.5.18
  • SGI IRIX 6.5.18 f
  • SGI IRIX 6.5.18 m
  • SGI IRIX 6.5.19
  • SGI IRIX 6.5.19 F
  • SGI IRIX 6.5.19 M
  • SGI IRIX 6.5.2
  • SGI IRIX 6.5.20
  • SGI IRIX 6.5.2 f
  • SGI IRIX 6.5.2 m
  • SGI IRIX 6.5.3
  • SGI IRIX 6.5.3 f
  • SGI IRIX 6.5.3 m
  • SGI IRIX 6.5.4
  • SGI IRIX 6.5.4 f
  • SGI IRIX 6.5.4 m
  • SGI IRIX 6.5.5
  • SGI IRIX 6.5.5 f
  • SGI IRIX 6.5.5 m
  • SGI IRIX 6.5.6
  • SGI IRIX 6.5.6 f
  • SGI IRIX 6.5.6 m
  • SGI IRIX 6.5.7
  • SGI IRIX 6.5.7 f
  • SGI IRIX 6.5.7 m
  • SGI IRIX 6.5.8
  • SGI IRIX 6.5.8 f
  • SGI IRIX 6.5.8 m
  • SGI IRIX 6.5.9
  • SGI IRIX 6.5.9 f
  • SGI IRIX 6.5.9 m
  • Sun Solaris 2.5.1
  • Sun Solaris 2.5.1_x86
  • Sun Solaris 2.6
  • Sun Solaris 2.6_x86
  • Sun Solaris 7.0
  • Sun Solaris 7.0_x86
  • Sun Solaris 8 Sparc
  • Sun Solaris 8 X86
  • Sun Solaris 9 Sparc
  • Sun Solaris 9 X86

References

  • BugTraq: 7123
  • CERT: CA-2003-10
  • CVE: CVE-2003-0028
  • URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
  • URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out