[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0948Date: (C)2008-03-18   (M)2023-12-22


Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019631
20080318
http://www.securityfocus.com/archive/1/489762/100/0/threaded
http://www.securityfocus.com/archive/1/489784/100/0/threaded
http://www.securityfocus.com/archive/1/493080/100/0/threaded
BID-28302
SECUNIA-29423
SECUNIA-29424
SECUNIA-29428
SECUNIA-29663
SECUNIA-30535
SREASON-3752
ADV-2008-0922
ADV-2008-1102
ADV-2008-1744
RHSA-2008:0181
SSRT100495
SUSE-SA:2008:016
TA08-079B
VU#374121
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
krb5-rpclibrary-fdsetsize-bo(41274)
oval:org.mitre.oval:def:9209

CWE    1
CWE-119

© SecPod Technologies