Title: Microsoft Malformed RPC Packet Buffer Overflow Vulnerability
Severity: HIGH
Description:
Microsoft Services for Unix (SFU) 3.0 Interix SDK is a development environment used to port Unix applications to the Microsoft Windows Platform. A vulnerability has been reported to affect applications built with SFU 3.0 Interix SDK. The issue is related to the Interix implementation of SunRPC.
This vulnerability is the result of RPC clients transmitting data in variable sized fragments. When RPC servers receive malformed fragments, the buffer overflow condition is triggered which results in the RPC server from responding to further requests.
As this vulnerability is due to a buffer overflow condition, it may be possible to cause the RPC server to execute malicious attacker-supplied code. This, however, has not been confirmed.
It should be noted that only applications developed using the Interix SDK are vulnerable to this issue.
This vulnerability was first described in BugTraq ID 5869, Multiple Microsoft Services for Unix 3.0 Interix SDK Vulnerabilities.
Affected Products:
- Microsoft Services for Unix 3.0
References:
- Microsoft: Microsoft Security Bulletin MS02-057
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
