Launchpad.net

CVE 2008-0947

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

Related bugs and status

CVE-2008-0947 (Candidate) is related to these bugs:

Bug #210172: [CVE-2007-5971] Kerberos vulnerability

Summary				In	Importance	Status
	210172	[CVE-2007-5971] Kerberos vulnerability		krb5 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://web.mit.edu/ker...
CERT-VN: VU#374121
MANDRIVA: MDVSA-2008:070
SUSE: SUSE-SA:2008:016
UBUNTU: USN-587-1
SECUNIA: 29428
SECUNIA: 29438
CONFIRM: http://wiki.rpath.com/...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1524
FEDORA: FEDORA-2008-2637
FEDORA: FEDORA-2008-2647
GENTOO: GLSA-200803-31
MANDRIVA: MDVSA-2008:069
REDHAT: RHSA-2008:0164
BID: 28302
SECTRACK: 1019631
SECUNIA: 29435
SECUNIA: 29451
SECUNIA: 29457
SECUNIA: 29464
SECUNIA: 29462
SECUNIA: 29516
CERT: TA08-079B
CONFIRM: http://support.novell....
CONFIRM: http://support.novell....
SECUNIA: 29663
SREASON: 3752
SECUNIA: 29424
VUPEN: ADV-2008-0922
VUPEN: ADV-2008-1102
HP: HPSBOV02682
HP: SSRT100495
XF: krb5-rpclibrary-bo(41273)
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080318 MITKRB5-SA-20...
BUGTRAQ: 20080318 MITKRB5-SA-20...
BUGTRAQ: 20080319 rPSA-2008-011...