CERT Advisory CA-2002-25 - The Sun Microsystems XDR library contains overflows which lead to exploitable vulnerabilities in many applications. The xdr_array() function commonly used in RPC calls is the source of the vulnerabilities. Specific impacts reported include the ability to execute arbitrary code with root privileges (by exploiting dmispd, rpc.cmsd, or kadmind, for example). In addition, intruders who exploit the XDR overflow in MIT KRB5 kadmind may be able to gain control of a Key Distribution Center (KDC) and improperly authenticate to other services within a trusted Kerberos realm.
209ab6a8dd466964ffdd192ca43c9244406693927eabbe8e3aa6da1189f63d36