tech-security: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library

Subject: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library
To: None <tech-security@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 03/24/2003 17:13:53

On Mon, 24 Mar 2003, Christos Zoulas wrote:

> There is one created:
>
> 	SA2003-008	faulty length checks in xdrmem_getbytes
>
> and it will be posted when it is ready.

Thanks. I see that FreeBSD already has advisory and OpenBSD has same fixes
(but no advisory). This will help me.

Does anyone know which static binaries use these xdrmem_getlong_aligned(),
xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(),
xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes()
functions?

I am guessing that just mount_nfs and umount may possibly use.

I am trying to figure out what other libraries or tools may use that code
(maybe librpcsvc?), by going backwards from these functions that are
changed. This is a little too hard to do manually.

   Jeremy C. Reed
   http://bsd.reedmedia.net/