| VID |
12039 |
| Severity |
40 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The SunRPC portmap service has a buffer overflow vulnerability in the XDR library. XDR (external data representation) libraries are used to provide platform-independent methods for sending data from one system process to another, typically over a network connection. Such routines are commonly used in remote procedure call (RPC) implementations to provide transparency to application programmers who need to use common interfaces to interact with many different types of systems. There is an integer overflow in the xdrmem_getbytes() function distributed as part of the Sun Microsystems XDR library. This overflow can cause remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Because SunRPC-derived XDR libraries are used by a variety of vendors in a variety of applications, this defect may lead to a number of security problems. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information.
* Note: This check may have crashed the rpcbind service by performing an actual test to assess this vulnerability. Restarting the service is therefore required to regain normal functionality.
* References:
  http://www.eeye.com/html/Research/Advisories/AD20030318.html
  http://www.cert.org/advisories/CA-2003-10.html
  http://www.kb.cert.org/vuls/id/516825
  http://www.securityfocus.com/archive/1/315599
  http://www.securitytracker.com/alerts/2003/Mar/1006295.html
* Platforms Affected:
  Sun Microsystems Network Services Library (libnsl)
  BSD-derived libraries with XDR/RPC routines (libc)
  GNU C library with sunrpc (glibc)
  Solaris 2.6, 7, 8 and 9
  AIX 4.3.3, 5.1.0 and 5.2.0
  Linux (any version) |
| Recommendation |
Until patches are available and can be applied, disable all RPC services including rpcbind that are not explicitly required.
-- OR --
Apply the appropriate patch or upgrade as specified by your vendor.
For Sun Solaris: Apply the appropriate patch for your system, available from "Sun Alert 51884" at: http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/51884
For IBM AIX: Apply the appropriate patch for your system, available from the corresponding IBM AIX APAR document.
APAR number for AIX 4.3.3: IY38524 http://www-1.ibm.com/support/docview.wss?uid=isg1IY38524
APAR number for AIX 5.1.0: IY38434 http://www-1.ibm.com/support/docview.wss?uid=isg1IY38434
APAR number for AIX 5.2.0: IY39231 http://www-1.ibm.com/support/docview.wss?uid=isg1IY39231
For other distributions: Contact your vendor for upgrade or patch information, or see CERT Advisory CA-2003-10: http://www.cert.org/advisories/CA-2003-10.html |
| Related URL |
CVE-2003-0028 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
11563 (ISS) |
|
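The Detailed Description above attributes the problem to an integer overflow in a byte-copy routine of a memory-backed decoder. The following is an added sketch of that class of flawed length check next to a hardened form; it is not code from this entry or from the Sun XDR library. The `memstream` structure, both function names and the sample bytes are hypothetical, and 32-bit `int` is assumed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical memory-backed decode stream; not the Sun XDR structures. */
struct memstream {
    const unsigned char *pos;   /* next unread byte */
    int remaining;              /* bytes left in the buffer (signed counter) */
};

/* Flawed length check: the subtraction happens in unsigned arithmetic, so a
 * huge len wraps to a small positive result and the "< 0" test passes.
 * Only the check is modelled; no copy is performed. Returns 1 if accepted. */
static int flawed_check_accepts(int remaining, unsigned int len)
{
    return !((remaining -= len) < 0);
}

/* Hardened read: compare before subtracting, in one unsigned domain.
 * Returns 1 and copies len bytes on success, 0 without copying otherwise. */
static int getbytes_checked(struct memstream *s, void *dst, size_t dst_size,
                            unsigned int len)
{
    if (s->remaining < 0 || len > (unsigned int)s->remaining)
        return 0;               /* request exceeds what the stream holds */
    if (len > dst_size)
        return 0;               /* request exceeds the caller's buffer */
    memcpy(dst, s->pos, len);
    s->pos += len;
    s->remaining -= (int)len;
    return 1;
}

int main(void)
{
    /* Constructed sample data and a constructed oversized length field. */
    static const unsigned char wire[32] = "constructed sample payload";
    unsigned char out[32];
    struct memstream s = { wire, (int)sizeof wire };
    unsigned int oversized = 0xFFFFFFF0u;

    int flawed   = flawed_check_accepts(s.remaining, oversized);       /* accepted */
    int rejected = getbytes_checked(&s, out, sizeof out, oversized);   /* refused  */
    int normal   = getbytes_checked(&s, out, sizeof out, 11);          /* copied   */
    return !(flawed == 1 && rejected == 0 && normal == 1 && s.remaining == 21);
}
```

When auditing RPC-derived code, look for a remaining-bytes counter that is decremented by an untrusted length before the comparison is made, or compared across signed and unsigned types.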