10

CVE-2002-0391

Exploit

EPSS 7.42%
Published 12.08.2002 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Affected products Warnungen 0 Metrics 4 CWE 1 References 41

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version <= 4.6.1

Openbsd ≫ Openbsd Version3.1

Sun ≫ Solaris Version2.6

Sun ≫ Solaris Version9.0 SwPlatformsparc

Sun ≫ Sunos Version5.5.1

Sun ≫ Sunos Version5.7

Sun ≫ Sunos Version5.8

Microsoft ≫ Windows 2000 Version-

Microsoft ≫ Windows Nt Version4.0

Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.42%	0.914

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://www.redhat.com/support/errata/RHSA-2002-167.html

Broken Link

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt

Broken Link

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc

Broken Link

ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A

Broken Link

ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P

Broken Link

http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

Broken Link

http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html

Broken Link

http://archives.neohapsis.com/archives/hp/2002-q3/0077.html

Broken Link

http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823

Vendor Advisory

Broken Link

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515

Broken Link

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535

Broken Link

http://marc.info/?l=bugtraq&m=102813809232532&w=2

Exploit

Mailing List

http://marc.info/?l=bugtraq&m=102821785316087&w=2

Exploit

Mailing List

http://marc.info/?l=bugtraq&m=102821928418261&w=2

Exploit

Mailing List

http://marc.info/?l=bugtraq&m=102831443208382&w=2

Exploit

Mailing List

http://marc.info/?l=bugtraq&m=103158632831416&w=2

Mailing List

http://online.securityfocus.com/advisories/4402

Third Party Advisory

Broken Link

VDB Entry

http://online.securityfocus.com/archive/1/285740

Third Party Advisory

Broken Link

VDB Entry

http://rhn.redhat.com/errata/RHSA-2002-166.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2002-172.html

Broken Link

http://www.cert.org/advisories/CA-2002-25.html

Patch

Third Party Advisory

US Government Resource

http://www.debian.org/security/2002/dsa-142

Broken Link

http://www.debian.org/security/2002/dsa-143

Broken Link

http://www.debian.org/security/2002/dsa-146

Broken Link

http://www.debian.org/security/2002/dsa-149

Broken Link

http://www.debian.org/security/2003/dsa-333

Broken Link

http://www.iss.net/security_center/static/9170.php

Broken Link

http://www.kb.cert.org/vuls/id/192995

Third Party Advisory

US Government Resource

http://www.linuxsecurity.com/advisories/other_advisory-2399.html

Broken Link

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057

Broken Link

http://www.redhat.com/support/errata/RHSA-2002-173.html

Broken Link

http://www.redhat.com/support/errata/RHSA-2003-168.html

Broken Link

http://www.redhat.com/support/errata/RHSA-2003-212.html

Broken Link

http://www.securityfocus.com/bid/5356

Third Party Advisory

Broken Link

VDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2002-0391

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-0391

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-0391

EUVD