Vulnerability Details : CVE-2008-0948
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2008-0948
- cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0948
18.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0948
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-0948
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0948
-
http://secunia.com/advisories/29423
About Secunia Research | Flexera
-
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
VMSA-2008-0009.2
-
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
HTTP 404 Page Not Found
-
http://www.securityfocus.com/archive/1/493080/100/0/threaded
-
http://www.us-cert.gov/cas/techalerts/TA08-079B.html
Page Not Found | CISAUS Government Resource
-
http://secunia.com/advisories/29428
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/30535
About Secunia Research | Flexera
-
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
[security-announce] SUSE Security Announcement: krb5 (SUSE-SA:2008:016) - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.kb.cert.org/vuls/id/374121
VU#374121 - MIT Kerberos contains array overrun in RPC library used by kadmindUS Government Resource
-
http://www.redhat.com/support/errata/RHSA-2008-0181.html
Support
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9209
404 Not Found
-
http://securityreason.com/securityalert/3752
double-free, uninitialized data vulnerabilities in krb5kdc - CXSecurity.com
-
http://www.vupen.com/english/advisories/2008/1744
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
HTTP 404 Page Not Found
-
http://www.securityfocus.com/archive/1/489762/100/0/threaded
-
http://marc.info/?l=bugtraq&m=130497213107107&w=2
'[security bulletin] HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Ser' - MARC
-
http://secunia.com/advisories/29663
About Secunia Research | Flexera
-
http://www.vupen.com/english/advisories/2008/1102/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securityfocus.com/archive/1/489784/100/0/threaded
-
http://www.securityfocus.com/bid/28302
-
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
-
http://www.vupen.com/english/advisories/2008/0922/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://secunia.com/advisories/29424
About Secunia Research | Flexera
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41274
MIT Kerberos 5 (krb5) RPC library FD_SETSIZE buffer overflow CVE-2008-0948 Vulnerability Report
-
http://www.securitytracker.com/id?1019631
GoDaddy Domain Name Search
Jump to