Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 31/12/2005 Updated: 05/09/2008

CVSS v2 Base Score: 5.6 | Impact Score: 9.2 | Exploitability Score: 1.9

VMScore: 498

Vector: AV:L/AC:H/Au:N/C:C/I:N/A:C

Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.

Vulnerable Product	Search on Vulmon	Subscribe to Product
austin group posix

NVD-CWE-Other http://www.securityfocus.com/archive/1/415781 http://www.securityfocus.com/archive/1/415790/30/0/threaded http://www.securityfocus.com/archive/1/415995/30/0/threaded http://www.securityfocus.com/archive/1/415998/30/0/threaded http://www.securityfocus.com/archive/1/415999/30/0/threaded http://www.securityfocus.com/archive/1/416002/30/0/threaded http://www.securityfocus.com/archive/1/416048/30/0/threaded http://womble.decadentplace.org.uk/readdir_r-advisory.html http://www.securityfocus.com/bid/15259 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-4784

Vulnerability Summary

References

Vulmon Search

About

Products

Connect