Vulnerability Name:

CVE-2002-0391 (CCN-9170)

Assigned:2002-07-31
Published:2002-07-31
Updated:2018-10-30
Summary:Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CALDERA
Type: UNKNOWN
CSSA-2002-055.0

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-02:34.rpc
Sun RPC XDR decoder contains buffer overflow

Source: CCN
Type: FreeBSD Security Notice FreeBSD-SN-02:05
security issues in ports

Source: CCN
Type: NetBSD Security Advisory 2002-011
Sun RPC XDR decoder contains buffer overflow

Source: NETBSD
Type: UNKNOWN
NetBSD-SA2002-011

Source: CCN
Type: SCO Security Advisory CSSA-2002-055.0
Linux: RPC XDR buffer overflow

Source: CCN
Type: SGI Security Advisory 20020801-01-A
Sun RPC xdr_array vulnerability

Source: SGI
Type: UNKNOWN
20020801-01-A

Source: SGI
Type: UNKNOWN
20020801-01-P

Source: AIXAPAR
Type: UNKNOWN
IY34194

Source: BUGTRAQ
Type: UNKNOWN
20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers

Source: HP
Type: UNKNOWN
HPSBUX0209-215

Source: CCN
Type: Internet Security Systems Security Advisory, July 31, 2002
Remote Buffer Overflow Vulnerability in Sun RPC

Source: ISS
Type: Vendor Advisory
20020731 Remote Buffer Overflow Vulnerability in Sun RPC

Source: CCN
Type: Compaq SECURITY BULLETIN SRB0039W
HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service

Source: MITRE
Type: CNA
CVE-2002-0391

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:515

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:535

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:515
krb5 -- Integer overflow in Kerberos' remote administration service

Source: BUGTRAQ
Type: UNKNOWN
20020731 Remote Buffer Overflow Vulnerability in Sun RPC

Source: BUGTRAQ
Type: UNKNOWN
20020801 RPC analysis

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-02:34.rpc

Source: BUGTRAQ
Type: UNKNOWN
20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin

Source: BUGTRAQ
Type: UNKNOWN
20020909 GLSA: glibc

Source: HP
Type: UNKNOWN
HPSBTL0208-061

Source: BUGTRAQ
Type: UNKNOWN
20020802 kerberos rpc xdr_array

Source: CCN
Type: RHSA-2002-166
Updated glibc packages fix vulnerabilities in RPC XDR decoder

Source: REDHAT
Type: UNKNOWN
RHSA-2002:166

Source: CCN
Type: RHSA-2002-167
glibc security update

Source: CCN
Type: RHSA-2002-172
Updated krb5 packages fix remote buffer overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2002:172

Source: CCN
Type: RHSA-2002-173
krb5 security update

Source: CCN
Type: RHSA-2003-168
Updated kerberos packages fix various vulnerabilities

Source: CCN
Type: RHSA-2003-212
Updated glibc packages fix vulnerabilities

Source: CCN
Type: Sun Microsystems Web site
SunSolve Online

Source: CCN
Type: Sun Alert ID: 46122
Security Vulnerability in the Network Services Library, libnsl(3LIB)

Source: CCN
Type: MIT krb5 Security Advisory 2002-001
Remote root vulnerability in MIT krb5 admin system

Source: CCN
Type: CERT Advisory CA-2002-25
Integer Overflow In XDR Library

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2002-25

Source: CCN
Type: CIAC Information Bulletin M-111
Integer Overflow in External Data Representation (XDR) Library

Source: DEBIAN
Type: UNKNOWN
DSA-142

Source: DEBIAN
Type: UNKNOWN
DSA-143

Source: DEBIAN
Type: UNKNOWN
DSA-146

Source: DEBIAN
Type: UNKNOWN
DSA-149

Source: DEBIAN
Type: UNKNOWN
DSA-333

Source: DEBIAN
Type: DSA-142
openafs -- integer overflow

Source: DEBIAN
Type: DSA-143
krb5 -- integer overflow

Source: DEBIAN
Type: DSA-146
dietlibc -- integer overflow

Source: DEBIAN
Type: DSA-149
glibc -- integer overflow

Source: DEBIAN
Type: DSA-333
acm -- integer overflow

Source: CCN
Type: Apple Computer, Inc. Product Security Incident Response
Security Update 2002-08-02

Source: XF
Type: UNKNOWN
sunrpc-xdr-array-bo(9170)

Source: CCN
Type: US-CERT VU#192995
Integer overflow in xdr_array() function when deserializing the XDR stream

Source: CERT-VN
Type: US Government Resource
VU#192995

Source: ENGARDE
Type: UNKNOWN
ESA-20021003-021

Source: CCN
Type: Trustix Secure Linux Security Advisory #2002-0067
glibc

Source: CCN
Type: Gentoo Linux Security Announcement 2002-09-05 11:00 UTC
integer overflow

Source: CCN
Type: Gentoo Linux Security Announcement 2002-09-27 10:00 UTC
glibc

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20021003-021
several security-related updates.

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:057

Source: CCN
Type: Microsoft Security Bulletin MS02-057
Flaw in Services for Unix 3.0 Interix SDK Could Allow Code Execution (Q329209)

Source: CCN
Type: OpenAFS Security Advisory 2002-001
Remote root vulnerability in OpenAFS servers

Source: CCN
Type: OpenBSD 3.1 errata
012: SECURITY FIX: July 29, 2002

Source: REDHAT
Type: UNKNOWN
RHSA-2002:167

Source: REDHAT
Type: UNKNOWN
RHSA-2002:173

Source: REDHAT
Type: UNKNOWN
RHSA-2003:168

Source: REDHAT
Type: UNKNOWN
RHSA-2003:212

Source: BID
Type: UNKNOWN
5356

Source: CCN
Type: BID-5356
Multiple Vendor Sun RPC xdr_array Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS02-057

Source: XF
Type: UNKNOWN
sunrpc-xdr-array-bo(9170)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:42

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4728

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9

Vulnerable Configuration:Configuration 1:
  • cpe:/o:freebsd:freebsd:*:release_p5:*:*:*:*:*:* (Version <= 4.6.1)
  • OR cpe:/o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.9:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:ports_collection:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.24:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_firewall:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_services_for_unix:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:current:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/a:mit:kerberos:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:9
    V
    		Solaris 8 RPC xdr_array Buffer Overflow
    2010-09-20
    oval:org.mitre.oval:def:42
    V
    		Solaris 7 RPC xdr_array Buffer Overflow
    2010-09-20
    oval:org.mitre.oval:def:4728
    V
    		SunRPC xdr_array Function Integer Overflow
    2006-09-27
    oval:org.debian:def:333
    V
    		integer overflow
    2003-06-27
    oval:org.debian:def:149
    V
    		integer overflow
    2002-08-13
    oval:org.debian:def:146
    V
    		integer overflow
    2002-08-08
    oval:org.debian:def:142
    V
    		integer overflow
    2002-08-05
    oval:org.debian:def:143
    V
    		integer overflow
    2002-08-05
    BACK
    freebsd freebsd * release_p5
    openbsd openbsd 3.1
    sun solaris 2.6
    sun solaris 9.0
    sun sunos 5.5.1
    sun sunos 5.7
    sun sunos 5.8
    sun solaris 2.5.1
    sun solaris 2.6
    hp hp-ux 10.20
    sun solaris 8
    sun solaris 9
    sun solaris 7.0
    hp hp-ux 11.00
    compaq tru64 4.0f
    netbsd netbsd 1.4.1
    redhat linux 6.2
    hp hp-ux 11.04
    debian debian linux 2.2
    netbsd netbsd 1.4.2
    mandrakesoft mandrake linux 7.1
    freebsd ports collection *
    redhat linux 7
    netbsd netbsd 1.4
    hp hp-ux 11.11
    mandrakesoft mandrake linux 7.2
    netbsd netbsd 1.5
    hp hp-ux 10.24
    suse suse linux 7.0
    compaq tru64 4.0g
    mandrakesoft mandrake linux corporate server 1.0.1
    suse suse linux 7.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    suse suse linux 7.2
    netbsd netbsd 1.4.3
    netbsd netbsd 1.5.1
    compaq tru64 5.0a
    compaq tru64 5.1
    compaq tru64 5.1a
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    suse suse linux 7.3
    netbsd netbsd 1.5.2
    engardelinux secure linux -
    suse suse linux firewall *
    suse suse linux database server *
    suse suse email server iii
    suse suse linux connectivity server *
    mandrakesoft mandrake linux 8.2
    suse suse linux 8.0
    conectiva linux 8.0
    redhat linux 7.3
    debian debian linux 3.0
    novell suse linux enterprise server *
    netbsd netbsd 1.6 beta
    gentoo linux *
    suse suse linux office server *
    netbsd netbsd 1.5.3
    microsoft windows services for unix 3.0
    hp hp-ux 11.22
    netbsd netbsd current
    redhat enterprise linux 2.1
    mit kerberos *
    redhat linux 7.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2