NVD

Id
70373  
Name
CVE-2005-4784  
Description
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.  
Reject
 
CVSS Version
2  
CVSS Score
5.6  
Severity
Medium  
CVSS Base Score
5.6  
CVSS Impact Subscore
9.2  
CVSS Exploit Subscore
1.9  
CVSS Vector
(AV:L/AC:H/Au:N/C:C/I:N/A:C)  
Pub Date
2017-01-03  
Published
2005-12-31  
Modified Date
2008-09-05  
Seq
2005-4784  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
362710 70373 CVE-2005-4784 http://womble.decadentplace.org.uk/readdir_r-advisory.html  View
362711 70373 CVE-2005-4784 20051101 readdir_r considered harmful  View
362712 70373 CVE-2005-4784 20051105 Re: readdir_r considered harmful  View
362713 70373 CVE-2005-4784 20051105 Re: readdir_r considered harmful  View
362714 70373 CVE-2005-4784 20051106 Re: readdir_r considered harmful  View
362715 70373 CVE-2005-4784 20051106 Re: readdir_r considered harmful  View
362716 70373 CVE-2005-4784 20051106 Re: readdir_r considered harmful  View
362717 70373 CVE-2005-4784 20051108 Re: readdir_r considered harmful  View
362718 70373 CVE-2005-4784 15259  View

Related JVN