Integer Overflow Vulnerability in RPC Servers by Sun Microsystems
CVE-2002-0391
9.8 CRITICAL
What is CVE-2002-0391?
The vulnerability is an integer overflow in the xdr_array function within RPC servers, particularly those using libc, glibc, or derivatives of SunRPC, including dietlibc. Attackers can exploit the flaw by passing an excessive number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd, which may lead to the execution of arbitrary code. This could compromise the integrity and confidentiality of the system, allowing unauthorized access to and manipulation of sensitive data.
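The overflow class described above comes from multiplying a peer-supplied element count by an element size in 32-bit arithmetic. The added example below (not the SunRPC or glibc source) contrasts the wrapping product with a checked decoder for a counted array; the helper names, the `maxcount` parameter and the sample bytes are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Helper names are hypothetical; only xdr_array comes from the advisory. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unsafe sizing: the 32-bit product silently wraps for a large count. */
static uint32_t wrapped_size(uint32_t count, uint32_t elsize) {
    return (uint32_t)(count * elsize);
}

/* Checked sizing: returns 1 and sets *out only when count * elsize fits. */
static int checked_size(uint32_t count, uint32_t elsize, uint32_t maxcount,
                        uint32_t *out) {
    if (elsize == 0 || count > maxcount) return 0;  /* caller's bound */
    if (count > UINT32_MAX / elsize) return 0;      /* product would wrap */
    *out = count * elsize;
    return 1;
}

/* Decode a counted array of big-endian 32-bit values. Returns a malloc'd
   array (caller frees) or NULL if the count is rejected. */
static uint32_t *decode_u32_array(const uint8_t *buf, size_t len,
                                  uint32_t maxcount, uint32_t *count_out) {
    uint32_t count, bytes, i, *arr;
    if (len < 4) return NULL;
    count = be32(buf);
    if (!checked_size(count, 4, maxcount, &bytes)) return NULL;
    if (bytes > len - 4) return NULL;   /* more elements claimed than sent */
    arr = malloc(bytes ? bytes : 1);
    if (arr == NULL) return NULL;
    for (i = 0; i < count; i++) arr[i] = be32(buf + 4 + 4 * (size_t)i);
    *count_out = count;
    return arr;
}

int main(void) {
    /* Constructed sample: count field 0x40000001 followed by one element. */
    const uint8_t hostile[] = {0x40, 0, 0, 1, 0, 0, 0, 7};
    uint32_t n = 0;
    printf("wrapped size: %u bytes\n", (unsigned)wrapped_size(be32(hostile), 4));
    printf("decoder result: %s\n",
           decode_u32_array(hostile, sizeof hostile, UINT32_MAX, &n) ? "accepted" : "rejected");
    return 0;
}
```

The wrapped product is what makes an undersized allocation possible; the checked decoder rejects the same count before any memory is allocated.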
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved