Vulnerability Name:

CVE-2005-4784 (CCN-26336)

Assigned: 2005-10-31
Published: 2005-10-31
Updated: 2008-09-05
Summary: Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathconf calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.
CVSS v3 Severity: 6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 5.6 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): Complete
5.6 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:

Source: CCN
Type: BugTraq Mailing List, Mon Oct 31 2005 - 21:57:03 CST
readdir_r considered harmful

Source: CCN
Type: BFBTester Web site
BFBTester: Brute Force Binary Tester

Source: MITRE
Type: CNA
CVE-2005-4784

Source: CCN
Type: GCJ Web site
GCJ: The GNU Compiler for Java - GNU Project - Free Software Foundation

Source: CCN
Type: saods9 Web site
DS9

Source: CCN
Type: reprepro Web site
reprepro (formerly mirrorer)

Source: CCN
Type: Rudiments Web site
firstworks: rudiments

Source: MISC
Type: Vendor Advisory
http://womble.decadentplace.org.uk/readdir_r-advisory.html

Source: CCN
Type: xmail Web site
xmail

Source: CCN
Type: KDE Web site
K Desktop Environment - Conquer your Desktop!

Source: CCN
Type: POSIX Web site
POSIX

Source: CCN
Type: netwib Web site
Network library netwib

Source: CCN
Type: NcFTP Web site
NcFTP Client

Source: CCN
Type: OpenOffice.org Web site
OpenOffice.org: Home

Source: CCN
Type: OSVDB ID: 30975
POSIX readdir_r Function Local Overflow

Source: CCN
Type: xgsmlib Web site
pxh: xgsmlib

Source: CCN
Type: Roxen Web site
Roxen CMS

Source: BUGTRAQ
Type: UNKNOWN
20051101 readdir_r considered harmful

Source: BUGTRAQ
Type: UNKNOWN
20051105 Re: readdir_r considered harmful

Source: BUGTRAQ
Type: UNKNOWN
20051105 Re: readdir_r considered harmful

Source: BUGTRAQ
Type: UNKNOWN
20051106 Re: readdir_r considered harmful

Source: BUGTRAQ
Type: UNKNOWN
20051106 Re: readdir_r considered harmful

Source: BUGTRAQ
Type: UNKNOWN
20051106 Re: readdir_r considered harmful

Source: BUGTRAQ
Type: UNKNOWN
20051108 Re: readdir_r considered harmful

Source: BID
Type: UNKNOWN
15259

Source: CCN
Type: BID-15259
Multiple Vendor ReadDir_R Buffer Overflow Vulnerability

Source: CCN
Type: Tcl Web site
Tcl Developer Site

Source: CCN
Type: teTeX Web site
The teTeX Homepage

Source: CCN
Type: libwww Web site
Libwww - the W3C Protocol Library

Source: XF
Type: UNKNOWN
posix-readdirr-bo(26336)

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:austin_group:posix:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:openoffice:openoffice.org:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:debian:reprepro:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    austin_group posix *
    openoffice openoffice.org 1.1.3
    debian reprepro -