exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2008-0947

Status Candidate

Overview

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

Related Files

HP Security Bulletin HPSBOV02682 SSRT100495
Posted May 9, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02682 SSRT100495 - Potential vulnerabilities have been identified with HP OpenVMS running Kerberos. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or execution of arbitrary code, or by a remote unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2008-0062, CVE-2008-0947, CVE-2008-0948, CVE-2009-0846, CVE-2009-4212, CVE-2010-1323
MD5 | 2037077904f08f30f6a0915a2acf36d4
Gentoo Linux Security Advisory 200803-31
Posted Mar 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200803-31 - Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply. Versions less than 1.6.3-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
MD5 | d97e73211f5b32866700162abb9e1ca9
Mandriva Linux Security Advisory 2008-070
Posted Mar 19, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple memory management flaws, a Kerberos v4 protocol packet handling issue, and various other vulnerabilities relating to krb5 are addressed in this advisory.

tags | advisory, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2007-5971, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
MD5 | 8ba4d1328a316a691973ae95f6458a4e
Mandriva Linux Security Advisory 2008-069
Posted Mar 19, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple memory management flaws, a Kerberos v4 protocol packet handling issue, and various other vulnerabilities relating to krb5 are addressed in this advisory.

tags | advisory, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
MD5 | 7cd1aabc1eaf6d7072305b7a892a98bf
SUSE-SA-2008-016.txt
Posted Mar 19, 2008
Site suse.com

SUSE Security Announcement - The krb5 package has had multiple vulnerabilities patched including a dangling pointer issue, information leak, and out-of-bound array access flaws.

tags | advisory, vulnerability
systems | linux, suse
advisories | CVE-2008-0062, CVE-2008-0063, CVE-2008-0947, CVE-2008-0948
MD5 | 9b03a2a9416d9f9c958dc62dc3af9833
Ubuntu Security Notice 587-1
Posted Mar 19, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 587-1 - It was discovered that krb5 did not correctly handle certain krb4 requests. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted traffic, which could expose sensitive information, cause a crash, or execute arbitrary code. A flaw was discovered in the kadmind service's handling of file descriptors. An unauthenticated remote attacker could send specially crafted requests that would cause a crash, resulting in a denial of service. Only systems with configurations allowing large numbers of open file descriptors were vulnerable.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
MD5 | ab3a961b4c4a04f96d6480a80163e5d1
Debian Linux Security Advisory 1524-1
Posted Mar 19, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1524-1 - Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
MD5 | 6d2bce7caab09eb36eab512d2b157d88
MITKRB5-SA-2008-002.txt
Posted Mar 19, 2008
Site web.mit.edu

MIT krb5 Security Advisory 2008-002 - Two bugs in the RPC library server code, used in the kadmin server, causes an array overrun if too many file descriptors are opened. Memory corruption can result.

tags | advisory, overflow
advisories | CVE-2008-0947, CVE-2008-0948
MD5 | 548fe30eb399d6ce1de24ef032f0fda9
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close