Executive Summary
Summary | |
---|---|
Title | New krb5 packages fix integer overflow bug |
Information | |||
---|---|---|---|
Name | DSA-143 | First vendor Publication | 2002-08-05 |
Vendor | Debian | Last vendor Modification | 2002-08-05 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
An integer overflow bug has been discovered in the RPC library used by the Kerberos 5 administration system, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to a KDC host. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful. No exploits are known to exist yet.

This problem has been fixed in version 1.2.4-5woody1 for the current stable distribution (woody) and in version 1.2.5-2 for the unstable distribution (sid). Debian 2.2 (potato) is not affected since it doesn't contain krb5 packages.

We recommend that you upgrade your Kerberos packages immediately.

wget url will fetch the file for you.
dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database.
apt-get upgrade will install corrected packages.

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody |
Original Source
Url : http://www.debian.org/security/2002/dsa-143 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-92 | Forced Integer Overflow |
CAPEC-128 | Integer Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:42 | |||
Oval ID: | oval:org.mitre.oval:def:42 | ||
Title: | Solaris 7 RPC xdr_array Buffer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 4 |
Platform(s): | Sun Solaris 7 | Product(s): | libnsl |
Definition Id: oval:org.mitre.oval:def:4728 | |||
Oval ID: | oval:org.mitre.oval:def:4728 | ||
Title: | SunRPC xdr_array Function Integer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 2 |
Platform(s): | Sun Solaris 7 | Product(s): | Sun RPC |
Definition Id: oval:org.mitre.oval:def:9 | |||
Oval ID: | oval:org.mitre.oval:def:9 | ||
Title: | Solaris 8 RPC xdr_array Buffer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 4 |
Platform(s): | Sun Solaris 8 | Product(s): | libnsl |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 142-1 (openafs) File : nvt/deb_142_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 143-1 (krb5) File : nvt/deb_143_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 146-1 (dietlibc) File : nvt/deb_146_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 146-2 (dietlibc) File : nvt/deb_146_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 149-1 (glibc) File : nvt/deb_149_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 149-2 (glibc) File : nvt/deb_149_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 333-1 (acm) File : nvt/deb_333_1.nasl |
2005-11-03 | Name : Sun rpc.cmsd overflow File : nvt/rpc_cmsd_overflow.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16003 | Multiple Vendor SunRPC XDR Primitive xdr_array Remote Overflow SunRPC as used by several operating systems contain a flaw that may allow a remote attacker to gain privileges. The issue is due to the RPC servers using libc, glibc or other code based on SunRPC not properly sanitizing user-supplied input. By passing a large number of arguments to the xdr_array function to RPC services such as rpc.cmsd or dmispd, an attacker can leverage an integer overflow to execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | CMSD TCP CMSD_CREATE array buffer overflow attempt RuleID : 2095-community - Revision : 14 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD TCP CMSD_CREATE array buffer overflow attempt RuleID : 2095 - Revision : 14 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD UDP CMSD_CREATE array buffer overflow attempt RuleID : 2094-community - Revision : 18 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD UDP CMSD_CREATE array buffer overflow attempt RuleID : 2094 - Revision : 18 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-142.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-143.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-146.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-149.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-333.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-057.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-061.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2002_031.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-167.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-173.nasl - Type : ACT_GATHER_INFO |
2003-03-19 | Name : Arbitrary code may be run on the remote server. File : rpc_cmsd_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
Alert History
Date | Information |
---|---|
2014-02-17 11:27:05 |
|