Debian Security Advisory DSA 146-1 (dietlibc)

Published: 2008-01-17 21:24:46
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Recommendations:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20146-1

Technical Details:
An integer overflow bug has been discovered in the RPC library used by dietlibc, a libc optimized for small size, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The Linux Distribution Packages below also fix integer overflows in the calloc, fread and fwrite code. They are also more strict regarding hostile DNS packets that could lead to a vulnerability otherwise. These problems have been fixed in version 0.12-2.2 for the current stable distribution (woody) and in version 0.20-0cvs20020806 for the unstable distribution (sid). Debian 2.2 (potato) is not affected since it doesn't contain dietlibc Linux Distribution Packages. We recommend that you upgrade your dietlibc Linux Distribution Packages immediately.

Summary:
The remote host is missing an update to dietlibc announced via advisory DSA 146-1.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2002-0391

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/5356

Search
Severity
High
CVSS Score
10.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.