CVE-2008-0947
Published 2008-03-19
CVE-2008-0947: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code…
Priority: P3 · 47 · critical · 10 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 8.83% (94.5th percentile)
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.6.dfsg.3~beta1-4 (bookworm) | krb5 1.6.dfsg.3~beta1-4 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.6.dfsg.3~beta1-4 | 1.6.dfsg.3~beta1-4 |
CVSS provenance
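| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | MEDIUM | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |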
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2008-03-19·CVSS 9.8
CVE-2008-0062 [CRITICAL] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Kerberos vulnerabilities
It was discovered that krb5 did not correctly handle certain krb4
requests. An unauthenticated remote attacker could exploit this flaw
by sending specially crafted traffic, which could expose sensitive
information, cause a crash, or execute arbitrary code. (CVE-2008-0062,
CVE-2008-0063)
A flaw was discovered in the kadmind service's handling of file
descriptors. An unauthenticated remote attacker could send specially
crafted requests that would cause a crash, resulting in a denial of
service. Only systems with configurations allowing large numbers of
open file descriptors were vulnerable. (CVE-2008-0947)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
krb5: file descriptor array overflow in RPC library
vendor_redhat·2008-03-18·CVSS 10.0
CVE-2008-0947 [CRITICAL] krb5: file descriptor array overflow in RPC library
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
Debian
CVE-2008-0947: krb5 - Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos...
vendor_debian·2008·CVSS 10.0
CVE-2008-0947 [CRITICAL] CVE-2008-0947: krb5 - Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos...
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
Scope: local
bookworm: resolved (fixed in 1.6.dfsg.3~beta1-4)
bullseye: resolved (fixed in 1.6.dfsg.3~beta1-4)
forky: resolved (fixed in 1.6.dfsg.3~beta1-4)
sid: resolved (fixed in 1.6.dfsg.3~beta1-4)
trixie: resolved (fixed in 1.6.dfsg.3~beta1-4)
GHSA
GHSA-w9c3-3cvm-x4wm: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1
ghsa_unreviewed·2022-05-01
CVE-2008-0947 [HIGH] CWE-119 GHSA-w9c3-3cvm-x4wm: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
OSV
CVE-2008-0947: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1
osv·2008-03-19·CVSS 10.0
CVE-2008-0947 [CRITICAL] CVE-2008-0947: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-0948 krb5: incorrect handling of high-numbered file descriptors in RPC library
bugzilla·2008-02-27·CVSS 10.0
CVE-2008-0948 [CRITICAL] CVE-2008-0948 krb5: incorrect handling of high-numbered file descriptors in RPC library
While investigating issue CVE-2008-0947, reported by the MIT Kerberos security team
for krb5 version 1.4 and newer, it was discovered that the RPC library as shipped
with krb5 versions prior to 1.3 (i.e. as shipped with Red Hat Enterprise Linux
2.1 and 3) is affected by a similar problem. An unauthenticated remote attacker
could cause an application using the RPC library (e.g. kadmind) to exit under certain
circumstances.
The problem exists in RPC library connection handling code that did not properly
handle situations when too many connections were opened.
Acknowledgements:
Red Hat would like to thank MIT for reporting this issue.
Discussion:
This issue was addressed upstream long ago via the following patch:
http://anonsvn
Bugzilla
CVE-2008-0947 krb5: file descriptor array overflow in RPC library
bugzilla·2008-02-20·CVSS 10.0
CVE-2008-0947 [CRITICAL] CVE-2008-0947 krb5: file descriptor array overflow in RPC library
The MIT Kerberos Team reported the following issue affecting RPC library server code
used by the kadmin server:
A bug in the RPC library server code, used in the kadmin server,
causes an array overrun if too many file descriptors are opened.
Memory corruption can result.
Acknowledgements:
Red Hat would like to thank MIT and Jeff Altman of Secure Endpoints for reporting this issue.
Discussion:
Public now:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
Lifting embargo.
---
This issue only affected krb5 package in Red Hat Enterprise Linux 5 and Fedora.
However, default configuration did not affect default configuration. This issue
only affected systems configured to use higher resource limit than default 1024
for
Published: 2008-03-19