CVE-2008-0948

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2008-0948

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-0948.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2008-0948

Downstream

DEBIAN-CVE-2008-0948

RHSA-2008:0181

Published

2008-03-19T00:44:00Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

Buffer overflow in the RPC library (lib/rpc/rpcdtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FDSETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

References

http://secunia.com/advisories/29423
http://secunia.com/advisories/29424
http://secunia.com/advisories/29428
http://secunia.com/advisories/29663
http://secunia.com/advisories/30535
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/0922/references
http://www.vupen.com/english/advisories/2008/1102/references
http://www.vupen.com/english/advisories/2008/1744
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://securityreason.com/securityalert/3752
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://www.kb.cert.org/vuls/id/374121
http://www.redhat.com/support/errata/RHSA-2008-0181.html
http://www.securityfocus.com/archive/1/489762/100/0/threaded
http://www.securityfocus.com/archive/1/489784/100/0/threaded
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/28302
http://www.securitytracker.com/id?1019631
http://www.us-cert.gov/cas/techalerts/TA08-079B.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/41274
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9209

CVE-2008-0948

Affected packages