Vulnerability Details : CVE-2005-4784

Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.
Publish Date : 2005-12-31 Last Update Date : 2008-09-05

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	5.6
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	High (Specialized access conditions exist. It is hard to exploit and several special conditions must be satisfied to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute CodeOverflow
CWE ID	CWE id is not defined for this vulnerability

- Vendor Statements

This issue did not affect the Linux glibc.
Source: Redhat

- Products Affected By CVE-2005-4784

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	Austin Group	Posix					Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Austin Group	Posix	1

- References For CVE-2005-4784

http://womble.decadentplace.org.uk/readdir_r-advisory.html

http://www.securityfocus.com/archive/1/415781
BUGTRAQ 20051101 readdir_r considered harmful

http://www.securityfocus.com/archive/1/415790/30/0/threaded
BUGTRAQ 20051105 Re: readdir_r considered harmful

http://www.securityfocus.com/archive/1/415995/30/0/threaded
BUGTRAQ 20051105 Re: readdir_r considered harmful

http://www.securityfocus.com/archive/1/415998/30/0/threaded
BUGTRAQ 20051106 Re: readdir_r considered harmful

http://www.securityfocus.com/archive/1/415999/30/0/threaded
BUGTRAQ 20051106 Re: readdir_r considered harmful

http://www.securityfocus.com/archive/1/416002/30/0/threaded
BUGTRAQ 20051106 Re: readdir_r considered harmful

http://www.securityfocus.com/bid/15259
BID 15259 Multiple Vendor ReadDir_R Buffer Overflow Vulnerability Release Date:2005-11-01

http://www.securityfocus.com/archive/1/416048/30/0/threaded
BUGTRAQ 20051108 Re: readdir_r considered harmful

- Metasploit Modules Related To CVE-2005-4784

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)