Executive Summary
Summary | |
---|---|
Title | New dietlibc packages fix integer overflows |
Informations | |||
---|---|---|---|
Name | DSA-146 | First vendor Publication | 2002-08-08 |
Vendor | Debian | Last vendor Modification | 2002-08-08 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The upstream author of dietlibc, Felix von Leitner, discovered a potential division by zero chance in the fwrite and calloc integer overflow checks, which are fixed in the version below. The new version includes fixes from DSA 146-1. For completness we enclose the text of the other advisory: An integer overflow bug has been discovered in the RPC library used by dietlibc, a libc optimized for small size, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows in the calloc, fread and fwrite code. They are also more strict regarding hostile DNS packets that could lead to a vulnerability otherwise. This problem has been fixed in version 0.12-2.4 for the current stable distribution (woody) and in version 0.20-0cvs20020808 for the unstable distribution (sid). Debian 2.2 (potato) is not affected since it doesn't contain dietlibc packages. We recommend that you upgrade your dietlibc packages immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody |
Original Source
Url : http://www.debian.org/security/2002/dsa-146 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-92 | Forced Integer Overflow |
CAPEC-128 | Integer Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:42 | |||
Oval ID: | oval:org.mitre.oval:def:42 | ||
Title: | Solaris 7 RPC xdr_array Buffer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 4 |
Platform(s): | Sun Solaris 7 | Product(s): | libnsl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4728 | |||
Oval ID: | oval:org.mitre.oval:def:4728 | ||
Title: | SunRPC xdr_array Function Integer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 2 |
Platform(s): | Sun Solaris 7 | Product(s): | Sun RPC |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9 | |||
Oval ID: | oval:org.mitre.oval:def:9 | ||
Title: | Solaris 8 RPC xdr_array Buffer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 4 |
Platform(s): | Sun Solaris 8 | Product(s): | libnsl |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 142-1 (openafs) File : nvt/deb_142_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 143-1 (krb5) File : nvt/deb_143_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 146-1 (dietlibc) File : nvt/deb_146_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 146-2 (dietlibc) File : nvt/deb_146_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 149-1 (glibc) File : nvt/deb_149_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 149-2 (glibc) File : nvt/deb_149_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 333-1 (acm) File : nvt/deb_333_1.nasl |
2005-11-03 | Name : Sun rpc.cmsd overflow File : nvt/rpc_cmsd_overflow.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16003 | Multiple Vendor SunRPC XDR Primitive xdr_array Remote Overflow SunRPC as used by several operating systems contain a flaw that may allow a remote attacker to gain privileges. The issue is due to the RPC servers using libc, glibc or other code based on SunRPC not properly sanitizing user-supplied input. By passing a large number of arguments to the xdr_array function to RPC services such as rpc.cmsd or dmispd, an attacker can leverage an integer overflow to execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | CMSD TCP CMSD_CREATE array buffer overflow attempt RuleID : 2095-community - Revision : 14 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD TCP CMSD_CREATE array buffer overflow attempt RuleID : 2095 - Revision : 14 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD UDP CMSD_CREATE array buffer overflow attempt RuleID : 2094-community - Revision : 18 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD UDP CMSD_CREATE array buffer overflow attempt RuleID : 2094 - Revision : 18 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-142.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-143.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-146.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-149.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-333.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-057.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-061.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2002_031.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-167.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-173.nasl - Type : ACT_GATHER_INFO |
2003-03-19 | Name : Arbitrary code may be run on the remote server. File : rpc_cmsd_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:12 |
|