“Researchers have identified a security flaw in a code library
included in numerous popular applications that could enable an
attacker to execute code on remote servers.

“The problem affects the External Data Representation (XDR)
libraries derived from Sun Microsystems Inc.’s SunRPC remote
procedure call technology. XDR libraries are used to translate data
between systems, regardless of their architecture.

“There is a buffer overflow in the ‘xdr_array’ function in the
Sun library, and therefore in the numerous libraries derived from
it that other vendors have implemented in their applications. The
consequences of a successful exploitation of the vulnerability
could vary widely depending on the affected application, but will
range from disclosure of sensitive information to remote execution
of code, according to an advisory published Tuesday by the CERT/CC
Coordination Center at Carnegie Mellon University in
Pittsburgh…”
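
An added example, not taken from the quoted article or from the Sun library: a bounds-checked decoder for an XDR variable-length array, showing the checks a defender would expect before any buffer is sized from a count read off the wire. The excerpt does not describe the mechanism of the overflow; the example assumes the element count is attacker-controlled and is multiplied by an element size. The names `be32` and `decode_u32_array` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Read one big-endian 32-bit unsigned integer (XDR wire order). */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode a 4-byte element count followed by that many 4-byte elements.
 * Returns 0 on success (caller frees *out), -1 on malformed input.
 * max_elems is the caller's own upper bound for this field. */
int decode_u32_array(const unsigned char *buf, size_t len, uint32_t max_elems,
                     uint32_t **out, uint32_t *out_count) {
    *out = NULL;
    *out_count = 0;
    if (len < 4) return -1;
    uint32_t count = be32(buf);
    /* Check 1: the count must respect the caller's limit. */
    if (count > max_elems) return -1;
    /* Check 2: count * element size must not wrap around size_t. */
    if (count > SIZE_MAX / sizeof(uint32_t)) return -1;
    size_t nbytes = (size_t)count * sizeof(uint32_t);
    /* Check 3: the message must really contain that many bytes. */
    if (nbytes > len - 4) return -1;
    if (count == 0) return 0;
    uint32_t *arr = malloc(nbytes);
    if (arr == NULL) return -1;
    for (uint32_t i = 0; i < count; i++)
        arr[i] = be32(buf + 4 + (size_t)i * 4);
    *out = arr;
    *out_count = count;
    return 0;
}

int main(void) {
    /* Constructed sample: the count claims 0x40000001 elements, one present. */
    const unsigned char msg[] = {0x40, 0, 0, 1, 0, 0, 0, 1};
    uint32_t *v; uint32_t n;
    int rc = decode_u32_array(msg, sizeof msg, 0xFFFFFFFFu, &v, &n);
    printf("rc=%d count=%u\n", rc, (unsigned)n);
    free(v);
    return 0;
}
```

With 32-bit arithmetic and no checks, the constructed count 0x40000001 times 4 would wrap to 4 bytes, which is why the decoder rejects it before allocating.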