Sun.RPC.Xdrmem.Getbytes.Integer.Overflow
Description
This indicates an attack attempt against an integer-overflow vulnerability in the Sun RPC XDR library.
The vulnerability is caused by an error in the xdrmem_getbytes() routine when handling malicious procedure arguments. By sending a specially crafted RPC call packet, a remote attacker could execute arbitrary code on a vulnerable system.
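An added example, not code from any of the affected libraries: a simplified C model of the integer-overflow bug class this signature names, with a flawed length check beside a hardened one. It assumes the flawed check subtracts the requested length from the remaining byte count and then tests the sign of the result; the struct, function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical memory-backed decode stream (illustrative names). */
struct mem_stream {
    const uint8_t *cur;   /* next unread byte */
    uint32_t remaining;   /* bytes left in the buffer */
};

/* Flawed pattern (assumed model): subtract first, then treat the result
 * as signed. Returns 1 if the check would allow the read. It performs
 * no copy, so it is safe to run. */
int flawed_check_allows(uint32_t remaining, uint32_t len)
{
    uint32_t diff = remaining - len;     /* wraps modulo 2^32 */
    return (diff & 0x80000000u) == 0;    /* "result is not negative" */
}

/* Hardened pattern: compare before subtracting, in unsigned arithmetic,
 * and also bound the copy by the destination capacity. */
int safe_getbytes(struct mem_stream *s, void *dst, size_t dst_cap, uint32_t len)
{
    if (len > s->remaining || len > dst_cap)
        return 0;                        /* reject: request exceeds a buffer */
    memcpy(dst, s->cur, len);
    s->cur += len;
    s->remaining -= len;
    return 1;
}

int main(void)
{
    uint8_t src[16] = {0}, dst[16];      /* constructed sample buffer */
    struct mem_stream s = { src, sizeof src };
    uint32_t huge = 0x80000020u;         /* constructed oversized length */

    printf("flawed check, len=32:   %d\n", flawed_check_allows(16, 32));
    printf("flawed check, len=huge: %d\n", flawed_check_allows(16, huge));
    printf("safe read,    len=huge: %d\n", safe_getbytes(&s, dst, sizeof dst, huge));
    printf("safe read,    len=8:    %d\n", safe_getbytes(&s, dst, sizeof dst, 8));
    return 0;
}
```

The flawed check rejects a moderately oversized length but accepts one large enough to wrap the subtraction back into the positive range, which is why the comparison has to happen before any arithmetic on the counter.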
Affected Products
Sun Microsystems Network Services Library (libnsl)
BSD-derived libraries with XDR/RPC routines (libc)
GNU C library with sunrpc (glibc)
Impact
System compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's web site for the suggested workaround:
RedHat:
http://rhn.redhat.com/errata/RHSA-2003-091.html
DEBIAN:
http://www.debian.org/security/2003/dsa-272
MANDRAKE:
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
SUSE:
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
Coverage
IPS (Regular DB)
IPS (Extended DB)