Vulnerability Details : CVE-2008-0947
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-0947
- cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0947
46.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0947
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-0947
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0947
-
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
[SECURITY] Fedora 7 Update: krb5-1.6.1-9.fc7
-
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
HTTP 404 Page Not Found
-
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
-
http://www.us-cert.gov/cas/techalerts/TA08-079B.html
Page Not Found | CISAUS Government Resource
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
Advisories | Mandriva
-
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
[security-announce] SUSE Security Announcement: krb5 (SUSE-SA:2008:016) - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.kb.cert.org/vuls/id/374121
VU#374121 - MIT Kerberos contains array overrun in RPC library used by kadmindUS Government Resource
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
Advisories | Mandriva
-
http://securityreason.com/securityalert/3752
double-free, uninitialized data vulnerabilities in krb5kdc - CXSecurity.com
-
http://www.ubuntu.com/usn/usn-587-1
USN-587-1: Kerberos vulnerabilities | Ubuntu security notices | Ubuntu
-
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
HTTP 404 Page Not Found
-
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
[SECURITY] Fedora 8 Update: krb5-1.6.2-14.fc8
-
http://www.securityfocus.com/archive/1/489762/100/0/threaded
-
http://security.gentoo.org/glsa/glsa-200803-31.xml
MIT Kerberos 5: Multiple vulnerabilities (GLSA 200803-31) — Gentoo security
-
http://marc.info/?l=bugtraq&m=130497213107107&w=2
'[security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Ser' - MARC
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10984
404 Not Found
-
http://wiki.rpath.com/Advisories:rPSA-2008-0112
-
http://www.vupen.com/english/advisories/2008/1102/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securityfocus.com/archive/1/489784/100/0/threaded
-
http://www.securityfocus.com/archive/1/489883/100/0/threaded
-
http://www.securityfocus.com/bid/28302
-
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
-
http://www.redhat.com/support/errata/RHSA-2008-0164.html
Support
-
http://www.vupen.com/english/advisories/2008/0922/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.debian.org/security/2008/dsa-1524
Debian -- Security Information -- DSA-1524-1 krb5
-
http://www.securitytracker.com/id?1019631
GoDaddy Domain Name Search
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41273
MIT Kerberos 5 (krb5) RPC library buffer overflow CVE-2008-0947 Vulnerability Report
Jump to