CVE-2002-0391
CRITICALFreeBSD < 4.6.1 - Remote Code Execution via xdr_array Integer Overflow
Title source: llmDescription
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
References (38)
Core 38
Core References
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9170.php
Broken Link vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.cert.org/advisories/CA-2002-25.html
Broken Link, Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://online.securityfocus.com/advisories/4402
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103158632831416&w=2
Broken Link vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-146
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2002-166.html
Broken Link vendor-advisory
x_refsource_hp
http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
Broken Link vendor-advisory
x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
Broken Link vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-143
Broken Link, Vendor Advisory third-party-advisory
x_refsource_iss
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Broken Link vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P
Broken Link vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
Broken Link vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-212.html
Third Party Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
Broken Link vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-142
Broken Link vendor-advisory
x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
Broken Link vendor-advisory
x_refsource_aixapar
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-167.html
Broken Link mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
Exploit, Mailing List vendor-advisory
x_refsource_freebsd
http://marc.info/?l=bugtraq&m=102821928418261&w=2
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-173.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5356
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/285740
Exploit, Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102813809232532&w=2
Exploit, Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102821785316087&w=2
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/192995
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2002-172.html
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42
Broken Link vendor-advisory
x_refsource_engarde
http://www.linuxsecurity.com/advisories/other_advisory-2399.html
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9
Broken Link vendor-advisory
x_refsource_mandrake
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
Broken Link vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-149
Exploit, Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102831443208382&w=2
Broken Link vendor-advisory
x_refsource_debian
http://www.debian.org/security/2003/dsa-333
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-168.html
Scores
CVSS v3
9.8
EPSS
0.0826
EPSS Percentile
92.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-190
Status
published
Products (10)
freebsd/freebsd
< 4.6.1
microsoft/windows_2000
microsoft/windows_nt
4.0
microsoft/windows_xp
openbsd/openbsd
3.1
sun/solaris
2.6
sun/solaris
9.0
sun/sunos
5.5.1
sun/sunos
5.7
sun/sunos
5.8
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026