CVE-2002-0391
Date: (C)2002-08-12   (M)2024-02-16


Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 9.8
Exploit Score: 3.9
Impact Score: 5.9

CVSS V2 Severity:
CVSS Score: 10.0
Exploit Score: 10.0
Impact Score: 10.0

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://marc.info/?l=bugtraq&m=102813809232532&w=2
http://marc.info/?l=bugtraq&m=102821785316087&w=2
20020801-01-A
20020801-01-P
http://marc.info/?l=bugtraq&m=102831443208382&w=2
http://online.securityfocus.com/archive/1/285740
http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
http://marc.info/?l=bugtraq&m=103158632831416&w=2
BID-5356
CA-2002-25
CLA-2002:515
CLA-2002:535
CSSA-2002-055.0
DSA-142
DSA-143
DSA-146
DSA-149
DSA-333
ESA-20021003-021
FreeBSD-SA-02:34.rpc
HPSBTL0208-061
HPSBUX0209-215
IY34194
MDKSA-2002:057
MS02-057
NetBSD-SA2002-011
RHSA-2002:166
RHSA-2002:167
RHSA-2002:172
RHSA-2002:173
RHSA-2003:168
RHSA-2003:212
VU#192995
oval:org.mitre.oval:def:42
oval:org.mitre.oval:def:4728
oval:org.mitre.oval:def:9
sunrpc-xdr-array-bo(9170)

CWE    1
CWE-190

© SecPod Technologies