Vulnerability Details : CVE-2003-0028
Potential exploit
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Vulnerability category: OverflowExecute code
Products affected by CVE-2003-0028
- cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*
- cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:8.3:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:6.0e:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:9.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:cray:unicos:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*
Threat overview for CVE-2003-0028
Top countries where our scanners detected CVE-2003-0028
Top open port discovered on systems with this issue
554
IPs affected by CVE-2003-0028 2
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2003-0028!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2003-0028
56.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0028
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2003-0028
-
http://www.debian.org/security/2003/dsa-282
Debian -- The Universal Operating System
-
http://www.kb.cert.org/vuls/id/516825
VU#516825 - Integer overflow in Sun RPC XDR library routinesUS Government Resource
-
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
Stay Vigilant with Timely Linux Security Advisories
-
http://marc.info/?l=bugtraq&m=104811415301340&w=2
'MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes' - MARC
-
http://www.debian.org/security/2003/dsa-266
Debian -- The Universal Operating System
-
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
-
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
-
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
-
http://www.debian.org/security/2003/dsa-272
Debian -- The Universal Operating System
-
http://marc.info/?l=bugtraq&m=105362148313082&w=2
'[slackware-security] glibc XDR overflow fix (SSA:2003-141-03)' - MARC
-
http://www.redhat.com/support/errata/RHSA-2003-051.html
Support
-
http://marc.info/?l=bugtraq&m=104878237121402&w=2
'TSLSA-2003-0014 - glibc' - MARC
-
http://marc.info/?l=bugtraq&m=104860855114117&w=2
'GLSA: glibc (200303-22)' - MARC
-
http://www.eeye.com/html/Research/Advisories/AD20030318.html
Exploit;Vendor Advisory
-
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
-
http://www.redhat.com/support/errata/RHSA-2003-052.html
Support
-
http://www.redhat.com/support/errata/RHSA-2003-089.html
Support
-
http://www.cert.org/advisories/CA-2003-10.html
2003 CERT AdvisoriesPatch;Third Party Advisory;US Government Resource
-
https://security.netapp.com/advisory/ntap-20150122-0002/
CVE-2003-0028 XDR Libraries Integer Overflow Vulnerability in Data ONTAP | NetApp Product Security
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
404 Not Found
-
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
-
http://marc.info/?l=bugtraq&m=104810574423662&w=2
'EEYE: XDR Integer Overflow' - MARC
-
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
Security - Support | SUSE
-
http://www.redhat.com/support/errata/RHSA-2003-091.html
Support
-
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
Mandriva
Jump to