[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-0948

Date: (C)2008-03-18   (M)2017-10-04 


Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1019631
20080318
http://www.securityfocus.com/archive/1/archive/1/489762/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/489784/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded
BID-28302
SECUNIA-29423
SECUNIA-29424
SECUNIA-29428
SECUNIA-29663
SECUNIA-30535
SREASON-3752
ADV-2008-0922
ADV-2008-1102
ADV-2008-1744
HPSBOV02682
IAVM:2008-B-0024
RHSA-2008:0181
SSRT100495
SUSE-SA:2008:016
TA08-079B
VU#374121
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
krb5-rpclibrary-fdsetsize-bo(41274)

CPE    1
cpe:/a:mit:kerberos:5-1.2.2
CWE    1
CWE-119

© 2013 SecPod Technologies