Microsoft KB Archive/817381

= Integer Overflow in XDR Library Routines in Interix SDK =

Article ID: 817381

Article Last Modified on 2/2/2004


APPLIES TO


 * Microsoft Windows Services for UNIX 3.0 Standard Edition






SUMMARY
The CERT Advisory CA-2003-10 reports that the Sun XML-Data Reduced (XDR) library has a possible buffer overflow in the XDR memory stream library (functions that begin with "xdrmem_"). The Interix Software Development Kit (SDK) that is included with Microsoft Windows Services for UNIX 3.0 includes an implementation of the Sun XDR library. The implementation contains a problem that is similar to the one that is mentioned in the CERT report. Installing the SDK does not make Windows Services for UNIX vulnerable. In some circumstances a third-party application can be vulnerable.



MORE INFORMATION
None of the components that are included with Windows Services for UNIX are vulnerable to the problem that is described in the CERT report.

A third-party application that uses the Interix SDK XDR library may be vulnerable. The application is vulnerable only under the following circumstances:
 * The application explicitly uses the XDR memory streams in the XDR library. XDR memory streams are created using the xdrmem_create function.

Additionally, the application must do one of the following to be vulnerable:
 * The application uses the xdr_string, xdr_bytes, or xdr_opaque function on the XDR memory stream and gives a maximum size value that overflows when converted to a signed number.
 * The application uses the xdr_wrapstring function on the XDR memory stream.

The application is not vulnerable if it uses the Interix SDK or the Sun RPC library, but does not use the XDR library in the way that is described earlier.

Use the following guidelines to make sure that an application is not vulnerable to the reported vulnerability:
 * Specify a maximum size less than or equal to 0x7FFFFFFF ((2^31) - 1) when you use the following functions on XDR memory streams:
   * xdr_string
   * xdr_bytes
   * xdr_opaque
 * Do not use the xdr_wrapstring function on XDR memory streams.
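The following C sketch is an added example, not code from the Interix SDK or from the original article. It uses a simplified, hypothetical memory stream (the names mem_stream, flawed_fits, checked_fits and stream_getbytes are assumptions) to show why a size above 0x7FFFFFFF defeats a bounds check once it is converted to a signed number, and how the limit from the guidelines above closes that gap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest maximum size the guideline above allows: (2^31) - 1. */
#define XDR_MAXSIZE_LIMIT 0x7FFFFFFFu

/* Hypothetical, simplified memory stream; not the Interix SDK structure. */
struct mem_stream {
    const unsigned char *pos;  /* next unread byte */
    int32_t remaining;         /* bytes left, kept as a signed count */
};

/* Flawed pattern: the unsigned length is converted to a signed number before
 * the check. Values above 0x7FFFFFFF turn negative (implementation-defined
 * conversion; wraps on common compilers) and so always appear to fit. */
int flawed_fits(const struct mem_stream *s, uint32_t len)
{
    return (int32_t)len <= s->remaining;
}

/* Hardened check: reject anything above the limit, then compare unsigned. */
int checked_fits(const struct mem_stream *s, uint32_t len)
{
    if (len > XDR_MAXSIZE_LIMIT || s->remaining < 0)
        return 0;
    return len <= (uint32_t)s->remaining;
}

/* Copy len bytes out of the stream only when the hardened check passes and
 * the destination can hold them. Returns 1 on success, 0 on refusal. */
int stream_getbytes(struct mem_stream *s, unsigned char *dst,
                    uint32_t dstcap, uint32_t len)
{
    if (len > dstcap || !checked_fits(s, len))
        return 0;
    memcpy(dst, s->pos, len);
    s->pos += len;
    s->remaining -= (int32_t)len;
    return 1;
}

int main(void)
{
    unsigned char out[8];
    struct mem_stream s = { (const unsigned char *)"ABCDEFGH", 8 }; /* constructed input */
    printf("flawed=%d checked=%d copy=%d\n", flawed_fits(&s, 0x80000000u),
           checked_fits(&s, 0x80000000u), stream_getbytes(&s, out, 8, 0x80000000u));
    return 0;
}
```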



VU#516825 - microsoft

Keywords: kbinfo kbdswsfu2003swept KB817381


© Microsoft Corporation. All rights reserved.