CVE-2003-0028

Exploit

EPSS 56.05%
Published 25.03.2003 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Affected products Warnungen 0 Metrics 2 CWE 0 References 28

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Glibc Version2.1

Gnu ≫ Glibc Version2.1.1

Gnu ≫ Glibc Version2.1.2

Gnu ≫ Glibc Version2.1.3

Gnu ≫ Glibc Version2.2

Gnu ≫ Glibc Version2.2.1

Gnu ≫ Glibc Version2.2.2

Gnu ≫ Glibc Version2.2.3

Gnu ≫ Glibc Version2.2.4

Gnu ≫ Glibc Version2.2.5

Gnu ≫ Glibc Version2.3

Gnu ≫ Glibc Version2.3.1

Gnu ≫ Glibc Version2.3.2

Mit ≫ Kerberos 5 Version1.2

Mit ≫ Kerberos 5 Version1.2.1

Mit ≫ Kerberos 5 Version1.2.2

Mit ≫ Kerberos 5 Version1.2.3

Mit ≫ Kerberos 5 Version1.2.4

Mit ≫ Kerberos 5 Version1.2.5

Mit ≫ Kerberos 5 Version1.2.6

Mit ≫ Kerberos 5 Version1.2.7

Openafs ≫ Openafs Version1.0

Openafs ≫ Openafs Version1.0.1

Openafs ≫ Openafs Version1.0.2

Openafs ≫ Openafs Version1.0.3

Openafs ≫ Openafs Version1.0.4

Openafs ≫ Openafs Version1.0.4a

Openafs ≫ Openafs Version1.1

Openafs ≫ Openafs Version1.1.1

Openafs ≫ Openafs Version1.1.1a

Openafs ≫ Openafs Version1.2

Openafs ≫ Openafs Version1.2.1

Openafs ≫ Openafs Version1.2.2

Openafs ≫ Openafs Version1.2.2a

Openafs ≫ Openafs Version1.2.2b

Openafs ≫ Openafs Version1.2.3

Openafs ≫ Openafs Version1.2.4

Openafs ≫ Openafs Version1.2.5

Openafs ≫ Openafs Version1.2.6

Openafs ≫ Openafs Version1.3

Openafs ≫ Openafs Version1.3.1

Openafs ≫ Openafs Version1.3.2

Sgi ≫ Irix Version6.5

Sgi ≫ Irix Version6.5.1

Sgi ≫ Irix Version6.5.2

Sgi ≫ Irix Version6.5.2f

Sgi ≫ Irix Version6.5.2m

Sgi ≫ Irix Version6.5.3

Sgi ≫ Irix Version6.5.3f

Sgi ≫ Irix Version6.5.3m

Sgi ≫ Irix Version6.5.4

Sgi ≫ Irix Version6.5.4f

Sgi ≫ Irix Version6.5.4m

Sgi ≫ Irix Version6.5.5

Sgi ≫ Irix Version6.5.5f

Sgi ≫ Irix Version6.5.5m

Sgi ≫ Irix Version6.5.6

Sgi ≫ Irix Version6.5.6f

Sgi ≫ Irix Version6.5.6m

Sgi ≫ Irix Version6.5.7

Sgi ≫ Irix Version6.5.7f

Sgi ≫ Irix Version6.5.7m

Sgi ≫ Irix Version6.5.8

Sgi ≫ Irix Version6.5.8f

Sgi ≫ Irix Version6.5.8m

Sgi ≫ Irix Version6.5.9

Sgi ≫ Irix Version6.5.9f

Sgi ≫ Irix Version6.5.9m

Sgi ≫ Irix Version6.5.10

Sgi ≫ Irix Version6.5.10f

Sgi ≫ Irix Version6.5.10m

Sgi ≫ Irix Version6.5.11

Sgi ≫ Irix Version6.5.11f

Sgi ≫ Irix Version6.5.11m

Sgi ≫ Irix Version6.5.12

Sgi ≫ Irix Version6.5.12f

Sgi ≫ Irix Version6.5.12m

Sgi ≫ Irix Version6.5.13

Sgi ≫ Irix Version6.5.13f

Sgi ≫ Irix Version6.5.13m

Sgi ≫ Irix Version6.5.14

Sgi ≫ Irix Version6.5.14f

Sgi ≫ Irix Version6.5.14m

Sgi ≫ Irix Version6.5.15

Sgi ≫ Irix Version6.5.15f

Sgi ≫ Irix Version6.5.15m

Sgi ≫ Irix Version6.5.16

Sgi ≫ Irix Version6.5.16f

Sgi ≫ Irix Version6.5.16m

Sgi ≫ Irix Version6.5.17

Sgi ≫ Irix Version6.5.17f

Sgi ≫ Irix Version6.5.17m

Sgi ≫ Irix Version6.5.18

Sgi ≫ Irix Version6.5.18f

Sgi ≫ Irix Version6.5.18m

Sgi ≫ Irix Version6.5.19

Sgi ≫ Irix Version6.5.20

Cray ≫ Unicos Version6.0

Cray ≫ Unicos Version6.0e

Cray ≫ Unicos Version6.1

Cray ≫ Unicos Version7.0

Cray ≫ Unicos Version8.0

Cray ≫ Unicos Version8.3

Cray ≫ Unicos Version9.0

Cray ≫ Unicos Version9.0.2.5

Cray ≫ Unicos Version9.2

Cray ≫ Unicos Version9.2.4

Freebsd ≫ Freebsd Version4.0

Freebsd ≫ Freebsd Version4.1

Freebsd ≫ Freebsd Version4.1.1

Freebsd ≫ Freebsd Version4.1.1 Updaterelease

Freebsd ≫ Freebsd Version4.1.1 Updatestable

Freebsd ≫ Freebsd Version4.2

Freebsd ≫ Freebsd Version4.2 Updatestable

Freebsd ≫ Freebsd Version4.3

Freebsd ≫ Freebsd Version4.3 Updaterelease

Freebsd ≫ Freebsd Version4.3 Updatestable

Freebsd ≫ Freebsd Version4.4

Freebsd ≫ Freebsd Version4.4 Updatestable

Freebsd ≫ Freebsd Version4.5

Freebsd ≫ Freebsd Version4.5 Updaterelease

Freebsd ≫ Freebsd Version4.5 Updatestable

Freebsd ≫ Freebsd Version4.6

Freebsd ≫ Freebsd Version4.6 Updaterelease

Freebsd ≫ Freebsd Version4.6 Updatestable

Freebsd ≫ Freebsd Version4.6.2

Freebsd ≫ Freebsd Version4.7

Freebsd ≫ Freebsd Version4.7 Updaterelease

Freebsd ≫ Freebsd Version4.7 Updatestable

Freebsd ≫ Freebsd Version5.0

Hp ≫ Hp-ux Version10.20

Hp ≫ Hp-ux Version10.24

Hp ≫ Hp-ux Version11.00

Hp ≫ Hp-ux Version11.04

Hp ≫ Hp-ux Version11.11

Hp ≫ Hp-ux Version11.20

Hp ≫ Hp-ux Version11.22

Hp ≫ Hp-ux Series 700 Version10.20

Hp ≫ Hp-ux Series 800 Version10.20

Ibm ≫ Aix Version4.3.3

Ibm ≫ Aix Version5.1

Ibm ≫ Aix Version5.2

Openbsd ≫ Openbsd Version2.0

Openbsd ≫ Openbsd Version2.1

Openbsd ≫ Openbsd Version2.2

Openbsd ≫ Openbsd Version2.3

Openbsd ≫ Openbsd Version2.4

Openbsd ≫ Openbsd Version2.5

Openbsd ≫ Openbsd Version2.6

Openbsd ≫ Openbsd Version2.7

Openbsd ≫ Openbsd Version2.8

Openbsd ≫ Openbsd Version2.9

Openbsd ≫ Openbsd Version3.0

Openbsd ≫ Openbsd Version3.1

Openbsd ≫ Openbsd Version3.2

Sun ≫ Solaris Version2.5.1 Editionx86

Sun ≫ Solaris Version2.6

Sun ≫ Solaris Version7.0 Editionx86

Sun ≫ Solaris Version8.0 Editionx86

Sun ≫ Solaris Version9.0 Editionsparc

Sun ≫ Solaris Version9.0 Editionx86

Sun ≫ Sunos Version-

Sun ≫ Sunos Version5.5.1

Sun ≫ Sunos Version5.7

Sun ≫ Sunos Version5.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	56.05%	0.979

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.redhat.com/support/errata/RHSA-2003-051.html

http://www.redhat.com/support/errata/RHSA-2003-052.html

http://www.debian.org/security/2003/dsa-266

http://www.redhat.com/support/errata/RHSA-2003-091.html

http://www.securityfocus.com/archive/1/316960/30/25250/threaded

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html

http://marc.info/?l=bugtraq&m=104810574423662&w=2

http://marc.info/?l=bugtraq&m=104811415301340&w=2

http://marc.info/?l=bugtraq&m=104860855114117&w=2

http://marc.info/?l=bugtraq&m=104878237121402&w=2

http://marc.info/?l=bugtraq&m=105362148313082&w=2

http://www.cert.org/advisories/CA-2003-10.html

Patch

Third Party Advisory

US Government Resource

http://www.debian.org/security/2003/dsa-272

http://www.debian.org/security/2003/dsa-282

http://www.eeye.com/html/Research/Advisories/AD20030318.html

Vendor Advisory

Exploit

http://www.kb.cert.org/vuls/id/516825

US Government Resource

http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html

http://www.mandriva.com/security/advisories?name=MDKSA-2003:037

http://www.novell.com/linux/security/advisories/2003_027_glibc.html

http://www.redhat.com/support/errata/RHSA-2003-089.html

http://www.securityfocus.com/archive/1/315638/30/25430/threaded

http://www.securityfocus.com/archive/1/316931/30/25250/threaded

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230

https://security.netapp.com/advisory/ntap-20150122-0002/

https://nvd.nist.gov/vuln/detail/CVE-2003-0028

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0028

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0028

EUVD