Rapid7 Vulnerability & Exploit Database

RHSA-2002:166: Updated glibc packages fix vulnerabilities in RPC XDR decoder

Back to Search

RHSA-2002:166: Updated glibc packages fix vulnerabilities in RPC XDR decoder

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
08/12/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated glibc packages are available to fix a buffer overflow in the XDR decoder.

The glibc package contains standard libraries which are used by multiple programs on the system. Sun RPC is a remote procedure call framework which allows clients to invoke procedures in a server process over a network. XDR is a mechanism for encoding data structures for use with RPC. NFS, NIS, and many other network services are built upon Sun RPC. glibc contains an XDR encoder/decoder derived from Sun's RPC implementation which was recently demonstrated to be vulnerable to a heap overflow. An error in the calculation of memory needed for unpacking arrays in the XDR decoder in glibc 2.2.5 and earlier can result in a heap buffer overflow. Depending upon the application, this vulnerability may be exploitable and lead to arbitrary code execution. All users should upgrade to these errata packages which contain patches to the glibc libraries and therefore are not vulnerable to these issues. Thanks to Solar Designer for providing patches for this issue

Solution(s)

  • redhat-upgrade-glibc
  • redhat-upgrade-glibc-common
  • redhat-upgrade-glibc-debug
  • redhat-upgrade-glibc-debug-static
  • redhat-upgrade-glibc-devel
  • redhat-upgrade-glibc-profile
  • redhat-upgrade-glibc-utils
  • redhat-upgrade-nscd

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;