CVE-2002-0391 — CRITICAL (9.8)

Q: How severe is CVE-2002-0391?

CVE-2002-0391 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2002-0391?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd, Openbsd Openbsd, Sun Solaris, Sun Sunos, Microsoft Windows 2000.

Vulnerability Description

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Freebsd	Freebsd	<= 4.6.1
Openbsd	Openbsd	3.1
Sun	Solaris	2.6
Sun	Sunos	5.5.1
Microsoft	Windows 2000	-
Microsoft	Windows Nt	4.0
Microsoft	Windows Xp	-

Related Weaknesses (CWE)

CWE-190

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txtBroken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.ascBroken Link
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-ABroken Link
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-PBroken Link
http://archives.neohapsis.com/archives/aix/2002-q4/0002.htmlBroken Link
http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.htmlBroken Link
http://archives.neohapsis.com/archives/hp/2002-q3/0077.htmlBroken Link
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823Broken LinkVendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535Broken Link
http://marc.info/?l=bugtraq&m=102813809232532&w=2ExploitMailing List
http://marc.info/?l=bugtraq&m=102821785316087&w=2ExploitMailing List
http://marc.info/?l=bugtraq&m=102821928418261&w=2ExploitMailing List
http://marc.info/?l=bugtraq&m=102831443208382&w=2ExploitMailing List
http://marc.info/?l=bugtraq&m=103158632831416&w=2Mailing List

FAQ

What is CVE-2002-0391?

CVE-2002-0391 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by...

How severe is CVE-2002-0391?

CVE-2002-0391 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2002-0391?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd, Openbsd Openbsd, Sun Solaris, Sun Sunos, Microsoft Windows 2000.