What Are You Looking For?

Sign Up

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-22
- - ---------------------------------------------------------------------

          PACKAGE : glibc
          SUMMARY : integer overflow
             DATE : 2003-03-25 08:49 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <2.3.1-r4 (arm: <2.2.5-r8) : fixed version>=2.3.1-r4 (arm: >=2.2.5-r8)
              CVE : CAN-2003-0028

- - ---------------------------------------------------------------------

- From advisory:

"The xdrmem_getbytes() function in the XDR library provided by 
Sun Microsystems contains an integer overflow. Depending on the 
location and use of the vulnerable xdrmem_getbytes() routine, various 
conditions may be presented that can permit an attacker to remotely 
exploit a service using this vulnerable routine."

Read the full advisory at: 
Privileged Access Management, Cyber Security, and… | BeyondTrust

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/glibc upgrade to 
glibc-2.3.1-r4 (arm: glibc-2.2.5-r8) as follows:

emerge sync
emerge glibc
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

2.2.5-r8)

Gentoo: glibc buffer overflow vulnerability

The xdrmem_getbytes() function in the XDR library provided by Sun Microsystems contains an integer overflow.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-22
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

- From advisory:

"The xdrmem_getbytes() function in the XDR library provided by 
Sun Microsystems contains an integer overflow. Depending on the 
location and use of the vulnerable xdrmem_getbytes() routine, various 
conditions may be presented that can permit an attacker to remotely 
exploit a service using this vulnerable routine."

Read the full advisory at: 
Privileged Access Management, Cyber Security, and… | BeyondTrust

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/glibc upgrade to 
glibc-2.3.1-r4 (arm: glibc-2.2.5-r8) as follows:

emerge sync
emerge glibc
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

2.2.5-r8)

Resolution

References

Availability

Concerns

Severity
PACKAGE : glibc
SUMMARY : integer overflow
DATE : 2003-03-25 08:49 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <2.3.1-r4 (arm: <2.2.5-r8) : fixed version>=2.3.1-r4 (arm: >=2.2.5-r8)
CVE : CAN-2003-0028

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

GNOME Linux Systems Exposed to RCE Attacks Via File Downloads

Oct 9, 2023

Here's What You Need to Know about the Upcoming Curl Security Patches

Oct 10, 2023

Important Fix for c-ares DoS Bug Released

Jun 22, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo