OpenCVE

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd
Microsoft	Windows 2000 Windows Nt Windows Xp
Openbsd	Openbsd
Redhat	Enterprise Linux Linux
Sun	Solaris Sunos

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd::::::::
	cpe:2.3:o:openbsd:openbsd:3.1:::::::*
	cpe:2.3:o:sun:solaris:2.6:::::::*
	cpe:2.3:o:sun:solaris:9.0:::::sparc::
	cpe:2.3:o:sun:sunos:5.5.1:::::::*
	cpe:2.3:o:sun:sunos:5.7:::::::*
	cpe:2.3:o:sun:sunos:5.8:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:microsoft:windows_2000:-:::::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*
	cpe:2.3:o:microsoft:windows_xp:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2002:167	2002-08-06T00:00:00Z
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2002:173	2002-09-05T00:00:00Z
Red Hat Linux 6.2
	cpe:/o:redhat:linux:6.2	RHSA-2002:166	2002-08-13T00:00:00Z
	cpe:/o:redhat:linux:6.2	RHSA-2002:172	2002-08-15T00:00:00Z
Red Hat Linux 7.0
	cpe:/o:redhat:linux:7.0	RHSA-2002:166	2002-08-13T00:00:00Z
	cpe:/o:redhat:linux:7.0	RHSA-2002:172	2002-08-15T00:00:00Z
Red Hat Linux 7.1
	cpe:/o:redhat:linux:7.1	RHSA-2002:166	2002-08-13T00:00:00Z
	cpe:/o:redhat:linux:7.1	RHSA-2002:172	2002-08-15T00:00:00Z
	cpe:/o:redhat:linux:7.1	RHSA-2003:168	2003-04-29T00:00:00Z
	cpe:/o:redhat:linux:7.1	RHSA-2003:212	2003-06-26T00:00:00Z
Red Hat Linux 7.2
	cpe:/o:redhat:linux:7.2	RHSA-2002:166	2002-08-13T00:00:00Z
	cpe:/o:redhat:linux:7.2	RHSA-2002:172	2002-08-15T00:00:00Z
Red Hat Linux 7.3
	cpe:/o:redhat:linux:7.3	RHSA-2002:166	2002-08-13T00:00:00Z
	cpe:/o:redhat:linux:7.3	RHSA-2002:172	2002-08-15T00:00:00Z

References

Link	Providers
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
http://marc.info/?l=bugtraq&m=102813809232532&w=2
http://marc.info/?l=bugtraq&m=102821785316087&w=2
http://marc.info/?l=bugtraq&m=102821928418261&w=2
http://marc.info/?l=bugtraq&m=102831443208382&w=2
http://marc.info/?l=bugtraq&m=103158632831416&w=2
http://online.securityfocus.com/advisories/4402
http://online.securityfocus.com/archive/1/285740
http://rhn.redhat.com/errata/RHSA-2002-166.html
http://rhn.redhat.com/errata/RHSA-2002-172.html
http://www.cert.org/advisories/CA-2002-25.html
http://www.debian.org/security/2002/dsa-142
http://www.debian.org/security/2002/dsa-143
http://www.debian.org/security/2002/dsa-146
http://www.debian.org/security/2002/dsa-149
http://www.debian.org/security/2003/dsa-333
http://www.iss.net/security_center/static/9170.php
http://www.kb.cert.org/vuls/id/192995
http://www.linuxsecurity.com/advisories/other_advisory-2399.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
http://www.redhat.com/support/errata/RHSA-2002-167.html
http://www.redhat.com/support/errata/RHSA-2002-173.html
http://www.redhat.com/support/errata/RHSA-2003-168.html
http://www.redhat.com/support/errata/RHSA-2003-212.html
http://www.securityfocus.com/bid/5356
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
https://nvd.nist.gov/vuln/detail/CVE-2002-0391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9
https://www.cve.org/CVERecord?id=CVE-2002-0391

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2024-08-08T02:49:28.492Z

Reserved: 2002-05-28T00:00:00

Link: CVE-2002-0391

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-08-12T04:00:00.000

Modified: 2024-11-20T23:38:57.970

Link: CVE-2002-0391

Redhat

Severity : Important

Publid Date: 2002-07-29T00:00:00Z

Links: CVE-2002-0391 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object