Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-0947
Last Modified: 06 Sep 2011 10:43:48
Published: 18 Mar 2008 08:44:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-0947

Summary

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

Vulnerable Systems

Application

  • MIT Kerberos 5 1.6.3

  • MIT Kerberos 5-1.4

  • MIT Kerberos 5-1.4.1

  • MIT Kerberos 5-1.4.2

  • MIT Kerberos 5-1.4.3

  • MIT Kerberos 5-1.4.4

  • MIT Kerberos 5-1.5

  • MIT Kerberos 5-1.5.1

  • MIT Kerberos 5-1.5.2

  • MIT Kerberos 5-1.5.3

  • MIT Kerberos 5-1.6

  • MIT Kerberos 5-1.6.1

  • MIT Kerberos 5-1.6.2


References

CERT-VN - VU#374121

CERT - TA08-079B

XF - krb5-rpclibrary-bo(41273)

VUPEN - ADV-2008-1102

VUPEN - ADV-2008-0922

BUGTRAQ - 20080318 MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject)

BUGTRAQ - 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc

CONFIRM - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt

HP - HPSBOV02682

HP - SSRT100495

FEDORA - FEDORA-2008-2647

FEDORA - FEDORA-2008-2637

UBUNTU - USN-587-1

SECTRACK - 1019631

BID - 28302

BUGTRAQ - 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

REDHAT - RHSA-2008:0164

MANDRIVA - MDVSA-2008:070

MANDRIVA - MDVSA-2008:069

DEBIAN - DSA-1524

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0112

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

SREASON - 3752

GENTOO - GLSA-200803-31

SECUNIA - 29663

SECUNIA - 29516

SECUNIA - 29464

SECUNIA - 29462

SECUNIA - 29457

SECUNIA - 29451

SECUNIA - 29438

SECUNIA - 29435

SECUNIA - 29428

SECUNIA - 29424

SUSE - SUSE-SA:2008:016

Related Patches

Novell SUSE 2008:5082 krb5 security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:58