
CVE-2002-0391

 

  • Severity Score (CVSS v3.1): 9.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 4
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2002-05-28 CVE Reserved
  • 2002-08-06 CVE Published
  • 2024-08-08 CVE Updated
  • 2024-08-08 First Exploit
  • 2024-08-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (40)
URL Date SRC
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt 2024-02-08
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc 2024-02-08
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A 2024-02-08
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P 2024-02-08
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html 2024-02-08
http://archives.neohapsis.com/archives/hp/2002-q3/0077.html 2024-02-08
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823 2024-02-08
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515 2024-02-08
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535 2024-02-08
http://online.securityfocus.com/advisories/4402 2024-02-08
http://rhn.redhat.com/errata/RHSA-2002-166.html 2024-02-08
http://rhn.redhat.com/errata/RHSA-2002-172.html 2024-02-08
http://www.debian.org/security/2002/dsa-142 2024-02-08
http://www.debian.org/security/2002/dsa-143 2024-02-08
http://www.debian.org/security/2002/dsa-146 2024-02-08
http://www.debian.org/security/2002/dsa-149 2024-02-08
http://www.debian.org/security/2003/dsa-333 2024-02-08
http://www.linuxsecurity.com/advisories/other_advisory-2399.html 2024-02-08
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057 2024-02-08
http://www.redhat.com/support/errata/RHSA-2002-167.html 2024-02-08
http://www.redhat.com/support/errata/RHSA-2002-173.html 2024-02-08
http://www.redhat.com/support/errata/RHSA-2003-168.html 2024-02-08
http://www.redhat.com/support/errata/RHSA-2003-212.html 2024-02-08
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057 2024-02-08
https://access.redhat.com/security/cve/CVE-2002-0391 2003-06-26
https://bugzilla.redhat.com/show_bug.cgi?id=1616771 2003-06-26
Affected Vendors, Products, and Versions
Vendor     Product       Version   Other  Status
Freebsd    Freebsd       <= 4.6.1  -      Affected
Openbsd    Openbsd       3.1       -      Affected
Sun        Solaris       2.6       -      Affected
Sun        Solaris       9.0       sparc  Affected
Sun        Sunos         5.5.1     -      Affected
Sun        Sunos         5.7       -      Affected
Sun        Sunos         5.8       -      Affected
Microsoft  Windows 2000  -         -      Affected
Microsoft  Windows Nt    4.0       -      Affected
Microsoft  Windows Xp    -         -      Affected