Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Gentoo: 200303-29 Critical Integer Overflow in dietlibc Exploit

gentoo
Calendar Grey March 31, 2003
Dist Gentoo Esm H88
GENTOO LINUX SECURITY UPDATE 202303-45 addressing a severe buffer overflow flaw in libcurl impacting network communication functionalities.
The xdrmem_getbytes() function in the XDR library provided by Sun Microsystems contains an integer overflow.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-29
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------
- From advisory:
"The xdrmem_getbytes() function in the XDR library provided by Sun Microsystems contains an integer overflow. Depending on the location and use of the vulnerable xdrmem_getbytes() routine, various conditions may be presented that can permit an attacker to remotely exploit a service using this vulnerable routine."
Read the full advisory at: Privileged Access Management, Cyber Security, and… | BeyondTrust
SOLUTION
It is recommended that all Gentoo Linux users who are running dev-libs/dietlibc upgrade to dietlibc-0.22-r1 as follows:
emerge sync emerge dietlibc emerge clean
- - ------...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : dietlibc
SUMMARY : integer overflow
DATE : 2003-03-31 12:35 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <0.22-r1 : fixed version>=0.22-r1
CVE : CAN-2003-0028

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround