Integer Overflow in XDR Library Routines in Interix SDK (817381)


The information in this article applies to:

  • Microsoft Windows Services for UNIX 3.0

SUMMARY

The CERT Advisory CA-2003-10 reports that the Sun XML-Data Reduced (XDR) library has a possible buffer overflow in the XDR memory stream library (functions that begin with "xdrmem_"). The Interix Software Development Kit (SDK) that is included with Microsoft Windows Services for UNIX 3.0 includes an implementation of the Sun XDR library. The implementation contains a problem that is similar to the one that is mentioned in the CERT report. Installing the SDK does not make Windows Services for UNIX vulnerable. In some circumstances a third-party application can be vulnerable.

MORE INFORMATION

None of the components that are included with Windows Services for UNIX are vulnerable to the problem that is described in the CERT report.

A third-party application that uses the Interix SDK XDR library may be vulnerable. The application is vulnerable only under the following circumstances:
  • The application explicitly uses the XDR memory streams in the XDR library. XDR memory streams are created using the xdrmem_create function.

    Additionally, the application must do one of the following to be vulnerable:
    • The application uses the xdr_string, xdr_bytes, and xdr_opaque functions on the XDR memory stream giving a maximum size value that overflows when converted to a signed number.
    • The application uses the xdr_wrapstring function on the XDR memory stream.
The application is not vulnerable if it uses the Interix SDK or the Sun RPC library, but does not use the XDR library in the way that is described earlier.

Use the following guidelines to make sure that an application is not vulnerable to the reported vulnerability:
  1. Specify a maximum size less than or equal to 0x7FFFFFFF ((2^31) - 1) when you use the following functions on XDR Memory streams:
    • xdr_string
    • xdr_bytes
    • xdr_opaque
  2. Do not use the xdr_wrapstring function on XDR memory streams.

REFERENCES

For additional information, visit the following Carnegie Mellon Web site:

CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines
http://www.cert.org/advisories/CA-2003-10.html

Idea Section

VU#516825 - microsoft [lt]
Modification Type:MinorLast Reviewed:2/2/2004
Keywords:kbDSWSFU2003Swept kbinfo KB817381
©2004 Microsoft Corporation. All rights reserved.