CVE-2002-0391

Name: CVE-2002-0391
Description: Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-142, DSA-143, DSA-146, DSA-149, DSA-333
NVD severity: high (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| acm (PTS) | wheezy | 5.0-28 | fixed |
| | jessie | 5.0-29 | fixed |
| | stretch, sid | 5.0-29.1 | fixed |
| dietlibc (PTS) | wheezy | 0.33~cvs20120325-4 | fixed |
| | wheezy (security) | 0.33~cvs20120325-4+deb7u1 | fixed |
| | jessie | 0.33~cvs20120325-6+deb8u1 | fixed |
| | stretch, sid | 0.34~cvs20160606-6 | fixed |
| glibc (PTS) | jessie | 2.19-18+deb8u7 | fixed |
| | jessie (security) | 2.19-18+deb8u3 | fixed |
| | stretch, sid | 2.24-10 | fixed |
| krb5 (PTS) | wheezy (security), wheezy | 1.10.1+dfsg-5+deb7u7 | fixed |
| | jessie (security), jessie | 1.12.1+dfsg-19+deb8u2 | fixed |
| | stretch, sid | 1.15-1 | fixed |
| openafs (PTS) | wheezy | 1.6.1-3+deb7u5 | fixed |
| | wheezy (security) | 1.6.1-3+deb7u7 | fixed |
| | jessie (security), jessie | 1.6.9-2+deb8u5 | fixed |
| | stretch, sid | 1.6.20-2 | fixed |

The information below is based on the following data on fixed versions.

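| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| acm | source | (unstable) | 5.0-10 | high | | |
| acm | source | woody | 5.0-3.woody.1 | high | DSA-333 | |
| dietlibc | source | (unstable) | 0.20-0cvs20020808 | high | | |
| dietlibc | source | woody | 0.12-2.4 | high | DSA-146 | |
| glibc | source | (unstable) | 2.2.5-13 | high | | |
| glibc | source | woody | 2.2.5-11.1 | high | DSA-149 | |
| krb5 | source | (unstable) | 1.2.5-2 | high | | |
| krb5 | source | woody | 1.2.4-5woody1 | high | DSA-143 | |
| openafs | source | (unstable) | 1.2.6-1 | high | | |
| openafs | source | woody | 1.2.3final2-6 | high | DSA-142 | |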
