Flaw Affects Solaris, Linux, Mac OS X | eWeek

Written By
Dennis Fisher
Aug 6, 2002

Researchers have identified a security flaw in a code library included in numerous popular applications that could enable an attacker to execute code on remote servers.

The problem affects the External Data Representation (XDR) libraries derived from Sun Microsystems Inc.'s SunRPC remote procedure call technology. XDR libraries are used to translate data between systems, regardless of their architecture.

There is a buffer overflow in the “xdr_array” function in the Sun library, and therefore in the numerous libraries derived from it that other vendors have implemented in their applications. The consequences of a successful exploitation of the vulnerability could vary widely depending on the affected application, but will range from disclosure of sensitive information to remote execution of code, according to an advisory published Tuesday by the CERT/CC Coordination Center at Carnegie Mellon University in Pittsburgh.

Among the affected services are the Kerberos 5 administration daemon and versions 2.2.5 and earlier of the GNU C Library. Kerberos, a network authentication protocol, is among the most widely deployed services of its kind and is included in dozens of applications, including Windows 2000.

According to the CERT bulletin, an attacker who is able to exploit the XDR overflow in Kerberos may be able to gain control of the service's Key Distribution Center, thereby enabling the attacker to authenticate to other services within Kerberos' trusted realm.

Microsoft Corp. said it is still trying to determine whether this vulnerability affects Windows 2000 and its other products.

Versions 2.5.1 through 9 of Sun's Solaris operating system are also vulnerable, as is Apple Computer Inc.'s Mac OS X and all of Red Hat Inc.'s Linux distributions.

Most of the affected vendors have released patches. A full list of vulnerable services and applications is included in the CERT bulletin, available here.

Apple issued a security update on Friday that fixed several problems, including the XDR issue.
