Test ID: 1.3.6.1.4.1.25623.1.0.50698
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2003:037 (glibc)
Summary: NOSUMMARY
Description:

The remote host is missing an update to glibc
announced via advisory MDKSA-2003:037.

An integer overflow was discovered by eEye Digital Security in the
xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function
is part of the XDR encoder/decoder derived from Sun's RPC
implementation. Depending upon the application, this vulnerability
can cause buffer overflows and could possibly be exploited to execute
arbitrary code.

The provided packages contain patches that correct this issue and all
users should upgrade. Please note that users of Mandrake Linux 9.1
already have this fix in the 9.1-released glibc packages.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1,
Multi Network Firewall 8.2, Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0028

Risk factor: High

CVSS Score: 7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0028
Bugtraq: 20030319 EEYE: XDR Integer Overflow
http://marc.info/?l=bugtraq&m=104810574423662&w=2
Bugtraq: 20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes
http://marc.info/?l=bugtraq&m=104811415301340&w=2
Bugtraq: 20030319 RE: EEYE: XDR Integer Overflow
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
Bugtraq: 20030325 GLSA: glibc (200303-22)
http://marc.info/?l=bugtraq&m=104860855114117&w=2
Bugtraq: 20030331 GLSA: dietlibc (200303-29)
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
Bugtraq: 20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
Bugtraq: 20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)
http://marc.info/?l=bugtraq&m=105362148313082&w=2
Caldera Security Advisory: CSSA-2003-013.0
http://www.cert.org/advisories/CA-2003-10.html
CERT/CC vulnerability note: VU#516825
http://www.kb.cert.org/vuls/id/516825
Debian Security Information: DSA-266
http://www.debian.org/security/2003/dsa-266
Debian Security Information: DSA-272
http://www.debian.org/security/2003/dsa-272
Debian Security Information: DSA-282
http://www.debian.org/security/2003/dsa-282
eEye Security Advisory: AD20030318
http://www.eeye.com/html/Research/Advisories/AD20030318.html
En Garde Linux Advisory: ESA-20030321-010
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
FreeBSD Security Advisory: FreeBSD-SA-03:05
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
NETBSD Security Advisory: NetBSD-SA2003-008
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-089.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
SuSE Security Announcement: SuSE-SA:2003:027
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
http://marc.info/?l=bugtraq&m=104878237121402&w=2
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
