PT-2001-2673 · Gnu+4 · Glibc-Devel+14
Published: 1970-01-01 · Updated: 2025-01-16
CVE-2002-0391
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
krb5-workstation versions 1.1.1 through 1.2.2
krb5-devel versions 1.1.1 through 1.2.2
krb5-configs version 1.1.1
krb5-server versions 1.1.1 through 1.2.2
krb5-libs version 1.1.1
krb5 version 1.1.1 through 1.2.2
glibc versions 2.1.3 through 2.2.4
glibc-common version 2.2.4
glibc-profile versions 2.1.3 through 2.2.4
glibc-devel versions 2.1.3 through 2.2.4
acm (affected versions not specified)
libnss1-compat (affected versions not specified)
Description
The issue affects multiple packages in the Red Hat Linux and Debian GNU/Linux operating systems and can compromise the confidentiality, integrity, and availability of protected information. It can be exploited remotely. Specifically, an integer overflow in the xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC, including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
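The class of bug described above, shown as an added example (not code from glibc, krb5 or any affected package): a count-prefixed array decoder that sizes its buffer as count times element size, with the unchecked 32-bit product next to a checked form. The function names, the `maxcount` bound and the sample messages used with it are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked 32-bit size computation: the product wraps modulo 2^32,
 * so a huge element count can yield a tiny allocation size. */
uint32_t bytes_unchecked(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Checked form: returns -1 if count exceeds the caller's bound or if
 * count * elsize cannot be represented in 32 bits; 0 on success. */
int bytes_checked(uint32_t count, uint32_t maxcount, uint32_t elsize,
                  uint32_t *nbytes)
{
    if (count > maxcount)
        return -1;
    if (elsize != 0 && count > UINT32_MAX / elsize)
        return -1;
    *nbytes = count * elsize;
    return 0;
}

/* XDR encodes integers as 4 big-endian bytes. */
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode a 4-byte element count followed by that many 32-bit integers.
 * The count is validated against maxcount, against 32-bit overflow and
 * against the bytes actually present before anything is allocated. */
int decode_u32_array(const uint8_t *buf, size_t len, uint32_t maxcount,
                     uint32_t **out, uint32_t *outcount)
{
    uint32_t count, nbytes, i;

    *out = NULL;
    *outcount = 0;
    if (len < 4)
        return -1;
    count = get_be32(buf);
    if (bytes_checked(count, maxcount, (uint32_t)sizeof(uint32_t), &nbytes) != 0)
        return -1;
    if ((len - 4) / 4 < count)   /* message shorter than its claimed count */
        return -1;
    if (count != 0 && (*out = malloc(nbytes)) == NULL)
        return -1;
    for (i = 0; i < count; i++)
        (*out)[i] = get_be32(buf + 4 + 4 * (size_t)i);
    *outcount = count;
    return 0;
}
```

The caller owns the returned buffer and frees it; a rejected message leaves `*out` set to NULL.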
Recommendations
For krb5-workstation versions 1.1.1 through 1.2.2, update to a version that includes the fix for this issue.
For krb5-devel versions 1.1.1 through 1.2.2, update to a version that includes the fix for this issue.
For krb5-configs version 1.1.1, update to a version that includes the fix for this issue.
For krb5-server versions 1.1.1 through 1.2.2, update to a version that includes the fix for this issue.
For krb5-libs version 1.1.1, update to a version that includes the fix for this issue.
For krb5 versions 1.1.1 through 1.2.2, update to a version that includes the fix for this issue.
For glibc versions 2.1.3 through 2.2.4, update to a version that includes the fix for this issue.
For glibc-common version 2.2.4, update to a version that includes the fix for this issue.
For glibc-profile versions 2.1.3 through 2.2.4, update to a version that includes the fix for this issue.
For glibc-devel versions 2.1.3 through 2.2.4, update to a version that includes the fix for this issue.
For acm, at the moment, there is no information about a newer version that contains a fix for this issue.
For libnss1-compat, at the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Red Hat
Dietlibc
Glibc
Glibc-Common
Glibc-Devel
Glibc-Profile
Krb5
Krb5-Configs
Krb5-Devel
Krb5-Libs
Krb5-Server
Krb5-Workstation
Libc
Libnss1-Compat