SB2020012134 - Input validation error in Glibc
Published: January 21, 2020 Updated: June 3, 2025
Security Bulletin ID
SB2020012134
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2003-0028)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Remediation
Install update from vendor's website.
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
- http://marc.info/?l=bugtraq&m=104810574423662&w=2
- http://marc.info/?l=bugtraq&m=104811415301340&w=2
- http://marc.info/?l=bugtraq&m=104860855114117&w=2
- http://marc.info/?l=bugtraq&m=104878237121402&w=2
- http://marc.info/?l=bugtraq&m=105362148313082&w=2
- http://www.cert.org/advisories/CA-2003-10.html
- http://www.debian.org/security/2003/dsa-266
- http://www.debian.org/security/2003/dsa-272
- http://www.debian.org/security/2003/dsa-282
- http://www.eeye.com/html/Research/Advisories/AD20030318.html
- http://www.kb.cert.org/vuls/id/516825
- http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
- http://www.novell.com/linux/security/advisories/2003_027_glibc.html
- http://www.redhat.com/support/errata/RHSA-2003-051.html
- http://www.redhat.com/support/errata/RHSA-2003-052.html
- http://www.redhat.com/support/errata/RHSA-2003-089.html
- http://www.redhat.com/support/errata/RHSA-2003-091.html
- http://www.securityfocus.com/archive/1/315638/30/25430/threaded
- http://www.securityfocus.com/archive/1/316931/30/25250/threaded
- http://www.securityfocus.com/archive/1/316960/30/25250/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
- https://security.netapp.com/advisory/ntap-20150122-0002/