CVE-2005-4784 - Buffer Overflow vulnerability in Multiple Vendor ReadDir_R

CVSS 5.6 - MEDIUM
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: NONE
Availability impact: COMPLETE

Summary

Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathconf calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.
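
A defensive sketch of both cases in the summary, added here and not taken from the advisory or any of the listed packages: the entry buffer is sized with fpathconf() on the descriptor of the already-open directory instead of pathconf() on the path, so the name-length limit comes from the filesystem readdir_r actually reads, and the size is computed from the offset of d_name so a small struct dirent is not trusted. The helper names dirent_buf_size and count_entries are hypothetical.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>

/* readdir_r() is deprecated in current glibc; silence that warning so the
 * sizing logic can be shown against the API this CVE concerns. */
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"

/* Hypothetical helper: bytes needed for a readdir_r() entry buffer on the
 * filesystem dirp is actually open on. Returns 0 if the limit is unknown. */
size_t dirent_buf_size(DIR *dirp)
{
    /* Query the open descriptor, not the path: what a path names can
     * change between opendir() and a later pathconf() call. */
    long name_max = fpathconf(dirfd(dirp), _PC_NAME_MAX);
    if (name_max < 0)
        return 0;                      /* no usable limit: refuse to guess */
    size_t need = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    /* Systems with a small dirent need the computed size; elsewhere the
     * buffer must still be at least sizeof(struct dirent). */
    return need > sizeof(struct dirent) ? need : sizeof(struct dirent);
}

/* Hypothetical caller: counts the entries in path, -1 on any error. */
long count_entries(const char *path)
{
    DIR *dirp = opendir(path);
    if (dirp == NULL)
        return -1;
    long n = -1;
    size_t size = dirent_buf_size(dirp);
    struct dirent *buf = size ? malloc(size) : NULL;
    if (buf != NULL) {
        struct dirent *res = NULL;
        int err;
        n = 0;
        while ((err = readdir_r(dirp, buf, &res)) == 0 && res != NULL)
            n++;
        if (err != 0)
            n = -1;                    /* readdir_r reported an error */
    }
    free(buf);
    closedir(dirp);
    return n;
}
```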

Vulnerable Configurations

Part: OS
Description: Austin_Group
Count: 1

Statements

contributor: Mark J Cox
lastmodified: 2006-08-30
organization: Red Hat
statement: This issue did not affect the Linux glibc.