Obscure RPC Lib Could Leave Win 2K, Linux, And OS X Vulnerable

It's been said that the devil is in the details, and the adage seems especially true with operating systems. eWeek reports that a library for Remote Procedure Calls (RPC), an often-used function on a variety of popular operating systems, contains an exploitable bit of code, leaving computers that run Windows 2000, Linux, UNIX, and OS X vulnerable to attacks by hackers. This is from the eWeek article titled "Flaw Affects Windows 2000, Linux, Mac OS X":

Researchers have identified a security flaw in a code library included in numerous popular applications that could enable an attacker to execute code on remote servers.

The problem affects the External Data Representation (XDR) libraries derived from Sun Microsystems Inc.'s SunRPC remote procedure call technology. XDR libraries are used to translate data between systems, regardless of their architecture.

There is a buffer overflow in the "xdr_array" function in the Sun library, and therefore in the numerous libraries derived from it that other vendors have implemented in their applications. The consequences of a successful exploitation of the vulnerability could vary widely depending on the affected application, but will range from disclosure of sensitive information to remote execution of code, according to an advisory published Tuesday by the CERT/CC Coordination Center at Carnegie Mellon University in Pittsburgh.

