ID CVE-2005-4784
Summary Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathconf calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.
References
Vulnerable Configurations
  • cpe:2.3:o:austin_group:posix:*:*:*:*:*:*:*:*
CVSS
Base: 5.6 (as of 05-09-2008 - 20:57)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector  Complexity  Authentication
LOCAL   HIGH        NONE
Impact
Confidentiality  Integrity  Availability
COMPLETE         NONE       COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:N/A:C
refmap via4
bid 15259
bugtraq
  • 20051101 readdir_r considered harmful
  • 20051105 Re: readdir_r considered harmful
  • 20051106 Re: readdir_r considered harmful
  • 20051108 Re: readdir_r considered harmful
misc http://womble.decadentplace.org.uk/readdir_r-advisory.html
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement This issue did not affect the Linux glibc.
Last major update 05-09-2008 - 20:57
Published 31-12-2005 - 05:00
Last modified 05-09-2008 - 20:57