CVE-2008-0948

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-0948
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://secunia.com/advisories/29423
http://secunia.com/advisories/29424
http://secunia.com/advisories/29428 Vendor Advisory
http://secunia.com/advisories/29663
http://secunia.com/advisories/30535
http://securityreason.com/securityalert/3752
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
http://www.kb.cert.org/vuls/id/374121 US Government Resource
http://www.redhat.com/support/errata/RHSA-2008-0181.html
http://www.securityfocus.com/archive/1/489762/100/0/threaded
http://www.securityfocus.com/archive/1/489784/100/0/threaded
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/28302
http://www.securitytracker.com/id?1019631
http://www.us-cert.gov/cas/techalerts/TA08-079B.html US Government Resource
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/0922/references
http://www.vupen.com/english/advisories/2008/1102/references
http://www.vupen.com/english/advisories/2008/1744
https://exchange.xforce.ibmcloud.com/vulnerabilities/41274
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9209
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://secunia.com/advisories/29423
http://secunia.com/advisories/29424
http://secunia.com/advisories/29428 Vendor Advisory
http://secunia.com/advisories/29663
http://secunia.com/advisories/30535
http://securityreason.com/securityalert/3752
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
http://www.kb.cert.org/vuls/id/374121 US Government Resource
http://www.redhat.com/support/errata/RHSA-2008-0181.html
http://www.securityfocus.com/archive/1/489762/100/0/threaded
http://www.securityfocus.com/archive/1/489784/100/0/threaded
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/28302
http://www.securitytracker.com/id?1019631
http://www.us-cert.gov/cas/techalerts/TA08-079B.html US Government Resource
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/0922/references
http://www.vupen.com/english/advisories/2008/1102/references
http://www.vupen.com/english/advisories/2008/1744
https://exchange.xforce.ibmcloud.com/vulnerabilities/41274
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9209
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:43

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html -
References () http://marc.info/?l=bugtraq&m=130497213107107&w=2 - () http://marc.info/?l=bugtraq&m=130497213107107&w=2 -
References () http://secunia.com/advisories/29423 - () http://secunia.com/advisories/29423 -
References () http://secunia.com/advisories/29424 - () http://secunia.com/advisories/29424 -
References () http://secunia.com/advisories/29428 - Vendor Advisory () http://secunia.com/advisories/29428 - Vendor Advisory
References () http://secunia.com/advisories/29663 - () http://secunia.com/advisories/29663 -
References () http://secunia.com/advisories/30535 - () http://secunia.com/advisories/30535 -
References () http://securityreason.com/securityalert/3752 - () http://securityreason.com/securityalert/3752 -
References () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html - () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html -
References () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html - () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html -
References () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt - () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt -
References () http://www.kb.cert.org/vuls/id/374121 - US Government Resource () http://www.kb.cert.org/vuls/id/374121 - US Government Resource
References () http://www.redhat.com/support/errata/RHSA-2008-0181.html - () http://www.redhat.com/support/errata/RHSA-2008-0181.html -
References () http://www.securityfocus.com/archive/1/489762/100/0/threaded - () http://www.securityfocus.com/archive/1/489762/100/0/threaded -
References () http://www.securityfocus.com/archive/1/489784/100/0/threaded - () http://www.securityfocus.com/archive/1/489784/100/0/threaded -
References () http://www.securityfocus.com/archive/1/493080/100/0/threaded - () http://www.securityfocus.com/archive/1/493080/100/0/threaded -
References () http://www.securityfocus.com/bid/28302 - () http://www.securityfocus.com/bid/28302 -
References () http://www.securitytracker.com/id?1019631 - () http://www.securitytracker.com/id?1019631 -
References () http://www.us-cert.gov/cas/techalerts/TA08-079B.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA08-079B.html - US Government Resource
References () http://www.vmware.com/security/advisories/VMSA-2008-0009.html - () http://www.vmware.com/security/advisories/VMSA-2008-0009.html -
References () http://www.vupen.com/english/advisories/2008/0922/references - () http://www.vupen.com/english/advisories/2008/0922/references -
References () http://www.vupen.com/english/advisories/2008/1102/references - () http://www.vupen.com/english/advisories/2008/1102/references -
References () http://www.vupen.com/english/advisories/2008/1744 - () http://www.vupen.com/english/advisories/2008/1744 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41274 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41274 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9209 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9209 -
Information

Published : 2008-03-19 00:44

Updated : 2025-04-09 00:30

NVD link : CVE-2008-0948

Mitre link : CVE-2008-0948

CVE.ORG link : CVE-2008-0948

JSON object : View

Products Affected

mit

  • kerberos_5
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer