Re: Remote Buffer Overflow Vulnerability in Sun RPC

From: Ricardo Quesada (core.lists.bugtraq@core-sdi.com)
Date: Fri Aug 02 2002 - 12:28:49 PDT

Next message: Ofir Arkin: "Xprobe2 - Tool & Paper release"

Previous message: david evlis reign: "kerberos rpc xdr_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,
     As the advisory says: "...Additional
commercial and open-source Unix operating systems use implementations of 
SunRPC, and may also be vulnerable..."...

    it seems that glibc based systems (eg: most, if not all, linuxes) 
are also vulnerable to exactly the same xdr_array problem.

    (take a look at glibc-2.2.5/sunrpc/xdr_array.c)

riq.


--- for a personal reply use: Ricardo Quesada <riqat_private>

Next message: Ofir Arkin: "Xprobe2 - Tool & Paper release"
Previous message: david evlis reign: "kerberos rpc xdr_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 02 2002 - 10:17:50 PDT