{"vuid":"VU#840137","idnumber":"840137","name":"Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check","keywords":["Microsoft","Services for Unix 3.0","Interix SDK","buffer overrun","RPC request","improper parameter size check","Q329209","MS02-057"],"overview":"Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow.","clean_desc":"Quoting from Microsoft's Services for Unix 3.0 homepage, \"Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing UNIX-based environments.\" Interix SDK, \"...provides compilers, tools, libraries & debuggers for migrating applications on UNIX to run in a Windows environment.\" You might wonder how Windows Services for UNIX and Interix SDK are related. Microsoft states, \"The Interix technology provides a UNIX environment that runs on top the Windows kernel, enabling UNIX applications and scripts to run natively on the Windows platform alongside Windows applications. With this capability, an installation can continue to get value out of its UNIX scripts and applications.simply reuse them on Windows.\" \nA buffer overflow vulnerability in the RPC library can allow an attacker to mount a denial-of-service attack against the RPC server, causing other requests from legitimate clients to fail.","impact":"An unauthenticated remote attacker can mount a denial-of-service attack against the RPC server, causing other requests from legitimate clients to fail.","resolution":"Apply a patch.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Ian A Finlay. It is based on information provided by Microsoft.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","M","S","0","2","-","0","5","7",".","a","s","p"],"cveids":["CVE-2002-1140"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-10-03T13:01:42Z","publicdate":"2002-10-02T00:00:00Z","datefirstpublished":"2002-10-04T18:25:33Z","dateupdated":"2002-10-04T18:25:57Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"5","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"2.8125","cam_scorecurrentwidelyknown":"3.375","cam_scorecurrentwidelyknownexploited":"5.625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.8125,"vulnote":null}