Integer overflow in the "Max-dotdot" CVS protocol command

The MITRE Corporation 5.0 2006-11-01T10:03:13.762-05:00 Integer overflow in the "Max-dotdot" CVS protocol command Red Hat Enterprise Linux 3 CVS Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. Jay Beale INTERIM ACCEPTED ACCEPTED CVS serve_notify Improper Handling of Empty Data Lines Red Hat Enterprise Linux 3 CVS serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. Jay Beale INTERIM ACCEPTED ACCEPTED SquirrelMail Cross-site Scripting Vulnerability I Red Hat Enterprise Linux 3 SquirrelMail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Jay Beale INTERIM ACCEPTED ACCEPTED Ethereal 0-Length Buffer Size Vulnerability in tvb_get_nstring0() Red Hat Linux 9 Ethereal The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED SquirrelMail Cross-site Scripting Vulnerability II Red Hat Enterprise Linux 3 SquirrelMail Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. Jay Beale INTERIM ACCEPTED ACCEPTED Red Hat Enterprise 3 Kernel Real Time Clock Data Leakage Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. Jay Beale INTERIM ACCEPTED ACCEPTED Red Hat Enterprise 3 Kernel R128 DRI Limits Checking Vulnerability Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." Jay Beale INTERIM ACCEPTED ACCEPTED SquirrelMail SQL Injection Vulnerability Red Hat Enterprise Linux 3 SquirrelMail SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. Jay Beale INTERIM ACCEPTED ACCEPTED Red Hat Enterprise 3 Kernel ncp_lookup Function BO Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. Jay Beale INTERIM ACCEPTED ACCEPTED RHE3 Fetchmail Buffer Overflow via Long UIDL Responses Red Hat Enterprise Linux 3 fetchmail Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Malicious CVS Server RCS diff File Vulnerability in CVS Client Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405. Jay Beale INTERIM ACCEPTED ACCEPTED Various Ethereal Dissector Vulnerabilities Red Hat Linux 9 Ethereal Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Directory Traversal Vulnerability in CVS Server Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180. Jay Beale INTERIM ACCEPTED ACCEPTED Multiple Format String Vulnerabilities in neon and Dependent Products Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. Jay Beale INTERIM ACCEPTED Matthew Wojcik Matthew Wojcik Matthew Wojcik Matthew Wojcik INTERIM ACCEPTED ACCEPTED Ximian Evolution Mail User Agent uuencoded header Denial of Service Red Hat Linux 9 Ximian Evolution The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED RHE4 Firefox External App Code Acceptance Vulnerability Red Hat Enterprise Linux 4 mozilla Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Ximian Evolution User Agent Multiple uuencoding Denial of Service Red Hat Linux 9 Ximian Evolution Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED gzip Argument Sanitation Vulnerability Red Hat Enterprise Linux 3 zgrep zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED PostgreSQL tsearch2 "internal" Functions Vulnerability Red Hat Enterprise Linux 3 postgresql The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED gzip zgrep Sanitation Vulnerability Red Hat Enterprise Linux 3 gzip zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Ximian Evolution MIME-encoded Image Buffer Overflow Red Hat Linux 9 Ximian Evolution The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED mlock Memory Page Tracking Vulnerability Red Hat Enterprise Linux 3 Linux kernel The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED GDM Examine Errors Symlink Vulnerability Red Hat Linux 9 GDM GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. Jay Beale INTERIM ACCEPTED ACCEPTED Linux Kernel elf_core_dump() Buffer Overflow Red Hat Enterprise Linux 3 Linux kernel The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED RHE4 Fetchmail Buffer Overflow via Long UIDL Responses Red Hat Enterprise Linux 4 fetchmail Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED X Display Manager Control Protocol Denial of Service Red Hat Linux 9 GDM The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. Jay Beale INTERIM ACCEPTED ACCEPTED Telnet Client Information Disclosure Vulnerability Red Hat Enterprise Linux 3 telnet Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED bzip2 Arbitrary File Permission Modification Vulnerability Red Hat Enterprise Linux 3 bzip2 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED gzip Hard Link Attack Red Hat Enterprise Linux 3 gzip Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED RHE3 Firefox External App Code Acceptance Vulnerability Red Hat Enterprise Linux 3 mozilla Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Multiple Buffer Overflows in libXML2 Red Hat Enterprise Linux 3 libxml2 Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Multiple Buffer Overflows in libgd Red Hat Enterprise Linux 3 libgd Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Linux Kernel shmctl() Memory Swap Vulnerability Red Hat Enterprise Linux 3 Linux kernel The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED RHE4 Improper Handling of Synthetic Events in Mozilla Red Hat Enterprise Linux 4 mozilla The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED sudo Symlink Vulnerability Red Hat Enterprise Linux 3 sudo Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED It appears that we can't parse the vulnerable configuration condition (an ALL in the second field of a line after a line that has no ALL in the second field) with our existing regexp. gedit Format String Vulnerability Red Hat Enterprise Linux 3 gedit Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED RHE3 Firefox and Mozilla DOM Node Spoofing Red Hat Enterprise Linux 3 mozilla Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing"). Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Integer Overflow in libgd2 Red Hat Enterprise Linux 3 libgd Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED RHE3 Firefox and Mozilla Javascript Dialog Box Spoofing Red Hat Enterprise Linux 3 mozilla Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED RHE3 Firefox InstallTrigger Callback Vulnerability Red Hat Enterprise Linux 3 mozilla The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED GDM X Display Manager Authorization Vulnerability Red Hat Linux 9 GDM The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. Jay Beale INTERIM ACCEPTED ACCEPTED RHE4 Firefox InstallTrigger Callback Vulnerability Red Hat Enterprise Linux 4 The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED RHE4 Firefox and Mozilla Javascript Dialog Box Spoofing Red Hat Enterprise Linux 4 mozilla Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED GNU Ghostscript -dSAFER Vulnerability Red Hat Linux 9 GNU Ghostscript Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED FreeRADIUS Ascend-Send-Secret Server Crash Red Hat Enterprise Linux 3 FreeRADIUS FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED RHE3 XBL Script Security Bypass Vulnerability Red Hat Enterprise Linux 3 mozilla Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED GnuPG Invalid User ID Vulnerability Red Hat Linux 9 GnuPG The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Evolution GtkHTML DoS via Malformed Message Red Hat Linux 9 GtkHTML GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. Jay Beale INTERIM ACCEPTED ACCEPTED RHE4 Mozilla top.focus() Cross-Site Scripting Vulnerability Red Hat Enterprise Linux 4 mozilla Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Evolution GtkHTML DoS via null Pointer Dereference Red Hat Linux 9 GtkHTML gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Apache Terminal Escape Sequence Vulnerability Red Hat Linux 9 Apache Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Apache Terminal Escape Sequence Vulnerability II Red Hat Linux 9 Apache Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Apache Linefeed Allocation Vulnerability Red Hat Linux 9 Apache A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Trustix Secure Linux der_chop Script Symlink Attack Vulnerability Red Hat Enterprise Linux 3 OpenSSL The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. Jay Beale DRAFT INTERIM ACCEPTED ACCEPTED Apache Weak Cipher Suite Vulnerability Red Hat Linux 9 Apache Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Apache prefork MPM Denial of Service Red Hat Linux 9 Apache The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Apache IPv6 Socket Failure Denial of Service Red Hat Linux 9 Apache Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED KDM pam_setcred Privilege Escalation Vulnerability Red Hat Linux 9 KDM KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. Jay Beale INTERIM ACCEPTED ACCEPTED Mutt BO Vulnerability in balsa Red Hat Linux 9 Mutt Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED KDM Weak Cookie Vulnerability Red Hat Linux 9 KDM KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. Jay Beale INTERIM ACCEPTED ACCEPTED <affected family="unix"> <platform>Sun Solaris 10</platform> <product>Operating System</product> </affected> <reference source="CVE" ref_id="CVE-2006-0516" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0516"/> <description>Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.</description> <oval_repository> <dates> <submitted date="2006-09-22T05:52:00.000-04:00"> <contributor organization="ThreatGuard, Inc.">Robert L. Hollis</contributor> </submitted> <status_change date="2006-09-25T12:47:00.000-04:00">DRAFT</status_change> <status_change date="2006-10-10T20:39:58.679-04:00">INTERIM</status_change> <status_change date="2006-10-31T19:35:30.871-05:00">ACCEPTED</status_change> </dates> <status>ACCEPTED</status> </oval_repository> </metadata> <criteria operator="AND"> <criteria comment="Software section" operator="AND"> <criterion comment="Solaris 10 is installed" negate="false" test_ref="oval:org.mitre.oval:tst:3955"/> <criterion comment="x86" negate="false" test_ref="oval:org.mitre.oval:tst:3338"/> <criterion comment="Patch 118844-14 or later installed" negate="true" test_ref="oval:org.mitre.oval:tst:3195"/> </criteria> <criteria comment="Configuration section" operator="AND"> <criterion comment="system is running in 64-bit mode" negate="false" test_ref="oval:org.mitre.oval:tst:3884"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:230" version="1" class="vulnerability"> <metadata> <title>xdrmem_bytes() Integer Overflow Vulnerability Red Hat Linux 9 krb5 Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. Jay Beale INTERIM Jay Beale ACCEPTED ACCEPTED Kerberos KDC Heap Corruption Denial of Service Red Hat Linux 9 krb5 The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). Jay Beale INTERIM