Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-0948
Last Modified 06 Sep 2011 10:43:48
Published 18 Mar 2008 08:44:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0948

Summary

Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

Vulnerable Systems

Application

  • MIT Kerberos 5-1.2.2


References

CERT-VN - VU#374121

CERT - TA08-079B

XF - krb5-rpclibrary-fdsetsize-bo(41274)

VUPEN - ADV-2008-1744

VUPEN - ADV-2008-1102

VUPEN - ADV-2008-0922

BUGTRAQ - 20080318 MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject)

BUGTRAQ - 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc

CONFIRM - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt

SECUNIA - 29428

HP - HPSBOV02682

HP - SSRT100495

SUSE - SUSE-SA:2008:016

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0009.html

SECTRACK - 1019631

BID - 28302

BUGTRAQ - 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

REDHAT - RHSA-2008:0181

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html

SREASON - 3752

SECUNIA - 30535

SECUNIA - 29663

SECUNIA - 29424

SECUNIA - 29423

Related Patches

Novell SUSE 2008:5082 krb5 security update for SLE 10 SP1 i586

VMware VMSA 2008-0009.2 VMware Fusion 2.0.1 Update for Mac (Rev 2)


Last Updated: 27 May 2016 10:46:58