
[linux-security] buffer overflow in RPC library routine



Topic
=====
Buffer overflow in the RPC library used by glibc.

Problem Description
===================
The glibc package contains standard libraries which are used by
multiple programs on the system.  Sun RPC is a remote procedure call
framework which allows clients to invoke procedures in a server process
over a network.  XDR is a mechanism for encoding data structures for use
with RPC.  NFS, NIS, and many other network services are built upon Sun
RPC.  glibc contains an XDR encoder/decoder derived from Sun's RPC
implementation which was recently demonstrated to be vulnerable to a heap
overflow.

An error in the calculation of memory needed for unpacking arrays in the
XDR decoder in glibc 2.2.5 and earlier can result in a heap buffer
overflow.  Depending upon the application, this vulnerability may be
exploitable and lead to arbitrary code execution.
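
The class of size miscalculation described above, as an added example (not glibc's code and not part of the original advisory). It assumes the memory needed for an array is computed as element count times element size in 32-bit arithmetic; the function names and the sample message are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative names only; this is not glibc's decoder.
 * Unchecked: the product is reduced modulo 2^32, so a large count
 * yields a small allocation size. */
static uint32_t size_unchecked(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Checked: refuse any count whose byte size cannot be represented. */
static int size_checked(uint32_t count, uint32_t elsize, uint32_t *out)
{
    if (elsize != 0 && count > UINT32_MAX / elsize)
        return -1;
    *out = count * elsize;
    return 0;
}

/* Read a big-endian 32-bit value, as XDR encodes integers. */
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode a counted array of 32-bit integers: 4-byte count, then elements.
 * Returns the element count, or -1 if the message is rejected. */
static long decode_u32_array(const uint8_t *wire, size_t len,
                             uint32_t maxcount, uint32_t **out)
{
    uint32_t count, nbytes, i;
    if (len < 4) return -1;
    count = get_be32(wire);
    if (count > maxcount || size_checked(count, 4, &nbytes) != 0)
        return -1;                 /* caller's bound or size overflow */
    if (nbytes > len - 4) return -1;   /* count claims more than was sent */
    *out = malloc(nbytes ? nbytes : 1);
    if (*out == NULL) return -1;
    for (i = 0; i < count; i++)
        (*out)[i] = get_be32(wire + 4 + 4 * (size_t)i);
    return (long)count;
}

int main(void)
{
    const uint8_t wire[] = {0x40, 0, 0, 1, 0, 0, 0, 7}; /* constructed */
    uint32_t *v = NULL;
    printf("unchecked=%u decode=%ld\n", size_unchecked(0x40000001u, 4),
           decode_u32_array(wire, sizeof wire, UINT32_MAX, &v));
    return 0;
}
```

With the unchecked calculation, a count of 0x40000001 four-byte elements produces a size of 4 bytes, which is the mismatch between allocation and decoded data that a heap overflow needs; the checked decoder rejects the same message.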

The severity of this vulnerability is unknown: the affected routine
is used in only a very few programs. Nevertheless, if this bug is found to
be exploitable, then there exists the potential for a remote root exploit.
Thus, upgrading to fixed packages is strongly advised.

Note that this bug has nothing to do with the bug in the resolver library
functions that was reported earlier.

Affected Systems
================
All glibc versions 2.2.5 and earlier
(since 2.2.5 is the newest version, this basically affects all Linux
distributions).

Solution
========
Upgrade to the patched version for your distribution.

RedHat 6.x
----------
rpm -Fvh glibc-2.1.3-26.i386.rpm \
         glibc-devel-2.1.3-26.i386.rpm \
         glibc-profile-2.1.3-26.i386.rpm \
         nscd-2.1.3-26.i386.rpm

RedHat 7.0
----------
rpm -Fvh glibc-2.2.4-18.7.0.6.<arch>.rpm \
         glibc-common-2.2.4-18.7.0.6.i386.rpm \
         glibc-devel-2.2.4-18.7.0.6.i386.rpm \
         glibc-profile-2.2.4-18.7.0.6.i386.rpm \
         nscd-2.2.4-18.7.0.6.i386.rpm

where <arch> is either i386 or i686.

RedHat 7.1, 7.2
---------------
rpm -Fvh glibc-2.2.4-29.<arch>.rpm \
         glibc-common-2.2.4-29.i386.rpm \
         glibc-devel-2.2.4-29.i386.rpm \
         glibc-profile-2.2.4-29.i386.rpm \
         nscd-2.2.4-29.i386.rpm

where <arch> is either i386 or i686.

RedHat 7.3
----------
rpm -Fvh glibc-2.2.5-39.<arch>.rpm \
         glibc-common-2.2.5-39.i386.rpm \
         glibc-debug-2.2.5-39.<arch>.rpm \
         glibc-debug-static-2.2.5-39.i386.rpm \
         glibc-devel-2.2.5-39.i386.rpm \
         glibc-profile-2.2.5-39.i386.rpm \
         glibc-utils-2.2.5-39.i386.rpm \
         nscd-2.2.5-39.i386.rpm

where <arch> is either i386 or i686.

Debian 2.2 (potato)
-------------------
upgrade to libc6_2.1.3-23_i386.deb,
           libc6-dbg_2.1.3-23_i386.deb,
           libc6-dev_2.1.3-23_i386.deb,
           libc6-pic_2.1.3-23_i386.deb,
           libc6-prof_2.1.3-23_i386.deb,
           libnss1-compat_2.1.3-23_i386.deb,
           locales_2.1.3-23_i386.deb,
           nscd_2.1.3-23_i386.deb,
           glibc-doc_2.1.3-23_all.deb,
           i18ndata_2.1.3-23_all.deb

Debian 3.0 (woody)
------------------
upgrade to libc6_2.2.5-11.1_i386.deb,
           libc6-dbg_2.2.5-11.1_i386.deb,
           libc6-dev_2.2.5-11.1_i386.deb,
           libc6-pic_2.2.5-11.1_i386.deb,
           libc6-prof_2.2.5-11.1_i386.deb,
           nscd_2.2.5-11.1_i386.deb,
           glibc-doc_2.2.5-11.1_all.deb,
           locales_2.2.5-11.1_all.deb