GLSA: dietlibc

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 09/27/02

  • Next message: Jose Martins: "tst attachment" 

    From: Daniel Ahlberg <aliz@gentoo.org>
To: bugtraq@securityfocus.com
Date: Fri, 27 Sep 2002 12:05:24 +0200

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - --------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT
    - - --------------------------------------------------------------------

    PACKAGE :dietlibc
    SUMMARY :integer overflow
    DATE :2002-09-27 10:00 UTC

    - - --------------------------------------------------------------------

    There is an integer overflow present in the xdr_array() function
    distributed as part of the Sun Microsystems XDR library. This overflow
    has been shown to lead to remotely exploitable buffer overflows in
    multiple applications, leading to the execution of arbitrary code.
    Although the library was originally distributed by Sun Microsystems,
    multiple vendors have included the vulnerable code in their own
    implementations.

    DETAIL

    The XDR (external data representation) libraries are used to provide
    platform-independent methods for sending data from one system process to
    another, typically over a network connection. Such routines are commonly
    used in remote procedure call (RPC) implementations to provide transparency
    to application programmers who need to use common interfaces to interact
    with many different types of systems. The xdr_array() function in the XDR
    library provided by Sun Microsystems contains an integer overflow that can
    lead to improperly sized dynamic memory allocation. Subsequent problems like
    buffer overflows may result, depending on how and where the vulnerable
    xdr_array() function is used.

    More information can be found at:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-0391
    http://www.kb.cert.org/vuls/id/192995

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    dev-libs/dietlibc-0.16 and earlier update their systems
    as follows:

    emerge rsync
    emerge dietlibc
    emerge clean

    - - --------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
    - - --------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE9lC1lfT7nyhUpoZMRArpEAJ9GsPVak+fa+KFFmZeuuLCHvo6NAgCfSUg9
    kyg156mRGebdj8If4RayWps=
    =UJYT
    -----END PGP SIGNATURE-----

    Relevant Pages

    • RE: EEYE: XDR Integer Overflow
      ... Subject: EEYE: XDR Integer Overflow ... BSD-derived libraries with XDR/RPC routines ...
      (Bugtraq)
    • [Full-Disclosure] GLSA: dietlibc
      ... There is an integer overflow present in the xdr_arrayfunction ... Although the library was originally distributed by Sun Microsystems, ... The XDR libraries are used to provide ...
      (Full-Disclosure)
    • [VulnWatch] CERT Advisory CA-2002-25 Integer Overflow In XDR Library (fwd)
      ... CERT Advisory CA-2002-25 Integer Overflow In XDR Library ... The XDR libraries are used to provide ... Note that XDR libraries can be used by multiple applications on most ...
      (VulnWatch)
    • Re: ASNI C runtime date bug - myth or real
      ... If a problem does exist in the date routines of the ASNI libraries, ... I feel that any such overflow might occur in date manipulation ... The most common representation for time_t is an integer representing ...
      (comp.lang.c)
    • Re: integer overflow
      ... > After a sufficiently large value an overflow occurs. ... preventing it means switching to a different data type. ... There are libraries you can use for numbers bigger than unsigned ... darrell at cs dot toronto dot edu ...
      (comp.lang.c)