Executive Summary
Summary | |
---|---|
Title | New acm packages fix integer overflow |
Informations | |||
---|---|---|---|
Name | DSA-333 | First vendor Publication | 2003-06-27 |
Vendor | Debian | Last vendor Modification | 2003-06-27 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
acm, a multi-player aerial combat simulation, uses a network protocol based on the same RPC implementation used in many C libraries. This implementation was found to contain an integer overflow vulnerability which could be exploited to execute arbitrary code. For the stable distribution (woody) this problem has been fixed in version 5.0-3.woody.1. For the unstable distribution (sid) this problem has been fixed in version 5.0-10. We recommend that you update your acm package. |
Original Source
Url : http://www.debian.org/security/2003/dsa-333 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-92 | Forced Integer Overflow |
CAPEC-128 | Integer Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:42 | |||
Oval ID: | oval:org.mitre.oval:def:42 | ||
Title: | Solaris 7 RPC xdr_array Buffer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 4 |
Platform(s): | Sun Solaris 7 | Product(s): | libnsl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4728 | |||
Oval ID: | oval:org.mitre.oval:def:4728 | ||
Title: | SunRPC xdr_array Function Integer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 2 |
Platform(s): | Sun Solaris 7 | Product(s): | Sun RPC |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9 | |||
Oval ID: | oval:org.mitre.oval:def:9 | ||
Title: | Solaris 8 RPC xdr_array Buffer Overflow | ||
Description: | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-0391 | Version: | 4 |
Platform(s): | Sun Solaris 8 | Product(s): | libnsl |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 142-1 (openafs) File : nvt/deb_142_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 143-1 (krb5) File : nvt/deb_143_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 146-1 (dietlibc) File : nvt/deb_146_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 146-2 (dietlibc) File : nvt/deb_146_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 149-1 (glibc) File : nvt/deb_149_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 149-2 (glibc) File : nvt/deb_149_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 333-1 (acm) File : nvt/deb_333_1.nasl |
2005-11-03 | Name : Sun rpc.cmsd overflow File : nvt/rpc_cmsd_overflow.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16003 | Multiple Vendor SunRPC XDR Primitive xdr_array Remote Overflow SunRPC as used by several operating systems contain a flaw that may allow a remote attacker to gain privileges. The issue is due to the RPC servers using libc, glibc or other code based on SunRPC not properly sanitizing user-supplied input. By passing a large number of arguments to the xdr_array function to RPC services such as rpc.cmsd or dmispd, an attacker can leverage an integer overflow to execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | CMSD TCP CMSD_CREATE array buffer overflow attempt RuleID : 2095-community - Revision : 14 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD TCP CMSD_CREATE array buffer overflow attempt RuleID : 2095 - Revision : 14 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD UDP CMSD_CREATE array buffer overflow attempt RuleID : 2094-community - Revision : 18 - Type : PROTOCOL-RPC |
2014-01-10 | CMSD UDP CMSD_CREATE array buffer overflow attempt RuleID : 2094 - Revision : 18 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-142.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-143.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-146.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-149.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-333.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-057.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-061.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2002_031.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-167.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-173.nasl - Type : ACT_GATHER_INFO |
2003-03-19 | Name : Arbitrary code may be run on the remote server. File : rpc_cmsd_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
Alert History
Date | Informations |
---|---|
2014-02-17 11:32:43 |
|