Microsoft Services for Unix (SFU) 3.0 Interix SDK is a development environment used to port Unix applications to the Microsoft Windows Platform. Three vulnerabilities have been reported to affect applications built with SFU 3.0 Interix SDK. The issues are related to the Interix implementation of SunRPC.

The first vulnerability is an integer overflow in the function that allocates memory for an External Data Representation (XDR) array. This vulnerability may be exploited to cause a denial of service or possibly execute arbitrary code. This vulnerability is BID 5356.

The second vulnerability is a denial of service. It is possible for RPC clients to transmit data in fragments of variable size. By sending malformed fragments, it is possible to leave the target server in an unresponsive state. This may be because the server is waiting for a final fragment which the attacker intentionally does not send. When the target server is hung, it will not respond to other clients.

The third vulnerability is also related to handling of client-supplied packet fragments. According to Microsoft, the SunRPC implementation does not correctly check the size of received packets. By transmitting malformed data to a target server, an attacker may create a denial of service condition.

It should be noted that only applications developed using the Interix SDK are vulnerable.

Note: This database entry is temporary. New vulnerabilities are to be given unique Bugtraq IDs and alerts will be published for each individual issue. This BID will be retired when analysis is complete.
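The integer overflow described for the XDR array allocation, shown as an added example (not Interix or Microsoft code): a 32-bit element count multiplied by an element size wraps to a small value, and the checked variant rejects the request before any allocation. The function names and the `maxcount` limit are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked size computation: the 32-bit product wraps modulo 2^32, so a
 * huge element count from the wire can yield a tiny allocation size. */
static uint32_t array_bytes_unchecked(uint32_t count, uint32_t elsize)
{
    return (uint32_t)(count * elsize);
}

/* Checked size computation (hypothetical helper): returns the byte count,
 * or -1 when the decoded count must be rejected. */
static int64_t array_bytes_checked(uint32_t count, uint32_t elsize,
                                   uint32_t maxcount)
{
    if (elsize == 0)
        return -1;                    /* meaningless element size */
    if (count > maxcount)
        return -1;                    /* exceeds the caller's stated limit */
    if (count > UINT32_MAX / elsize)
        return -1;                    /* product would not fit in 32 bits */
    return (int64_t)count * elsize;
}

int main(void)
{
    /* Constructed sample values: count as it might be decoded from a
     * client-supplied XDR array header, with 4-byte elements. */
    uint32_t count = 0x40000001u, elsize = 4;

    printf("unchecked: %u elements -> %u bytes allocated\n",
           (unsigned)count, (unsigned)array_bytes_unchecked(count, elsize));
    printf("checked:   %lld (negative means rejected)\n",
           (long long)array_bytes_checked(count, elsize, UINT32_MAX));
    printf("checked:   %lld bytes for 10 elements, limit 100\n",
           (long long)array_bytes_checked(10, elsize, 100));
    return 0;
}
```

The division test runs before the multiplication, so the check itself cannot overflow.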