Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4784

Overview

Vulnerability Score 5.6 5.6
CVE Id CVE-2005-4784
Last Modified 05 Sep 2008 04:57:49
Published 31 Dec 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2005-4784

Summary

Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.

Vulnerable Systems

Operating System

  • Austin Group Posix


References

BID - 15259

BUGTRAQ - 20051108 Re: readdir_r considered harmful

BUGTRAQ - 20051106 Re: readdir_r considered harmful

BUGTRAQ - 20051105 Re: readdir_r considered harmful

BUGTRAQ - 20051101 readdir_r considered harmful

MISC - http://womble.decadentplace.org.uk/readdir_r-advisory.html


Last Updated: 27 May 2016 10:41:26