SunRPC-Derived XDR Library Contains Bug

A potentially dangerous vulnerability has been detected in SunRPC-derived
XDR libraries and the CERT Coordination Center (CERT/CC) has warned that
exploitation could lead to denial of service, execution of arbitrary code,
or the disclosure of sensitive information.

In an advisory,
CERT warned that the integer overflow xdr_array() function in Sun
Microsystems’ XDR library can lead to remotely
exploitable buffer overflows in multiple applications.

Although the XDR library was originally distributed by Sun Microsystems,
multiple vendors have included the vulnerable code in their own
implementations, the center said, urging individual vendor patches be
implemented to guard against remote attacks.

The bug, which was detected by Internet Security Systems (ISS), affected
applications like Sun Microsystems network services library (libnsl),
BSD-derived libraries with XDR/RPC routines (libc) and the GNU C library
with sunrpc (glibc).

“Specific impacts reported include the ability to execute arbitrary code
with root privileges (by exploiting dmispd, rpc.cmsd, or kadmind, for
example). In addition, intruders who exploit the XDR overflow in MIT KRB5
kadmind may be able to gain control of a Key Distribution Center (KDC) and
improperly authenticate to other services within a trusted Kerberos realm,”
CERT warned.

The XDR libraries provide platform-independent methods for sending data from
one system process to another over a network connection. The group said the
xdr_array() function in the XDR library contained an integer overflow that
can lead to improperly sized dynamic memory allocation.

“Subsequent problems like buffer overflows may result, depending on how and
where the vulnerable xdr_array() function is used,” it added.

Research from the ISS showed the bug allowed the execution of arbitrary code
with root privileges (exploiting dmispd, rpc.cmsd, or kadmind, for
example). In addition, the security researchers found intruders who
exploited the XDR overflow in MIT KRB5 kadmind could gain control of a Key
Distribution Center (KDC) and improperly authenticate to other services
within a trusted Kerberos realm.

Because the XDR libraries are used by multiple applications on most systems,
CERT urged an immediate software upgrade. Users should also apply multiple
patches and then recompile statically linked applications.

News Around the Web