ByteOS Network

Vulnerability Details :

CVE-2005-4784

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-14 Apr, 2006 | 10:00

Updated At-16 Sep, 2024 | 19:36

Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:14 Apr, 2006 | 10:00

Updated At:16 Sep, 2024 | 19:36

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securityfocus.com/archive/1/416002/30/0/threaded	mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/415781	mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/415790/30/0/threaded	mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/15259	vdb-entry x_refsource_BID
http://www.securityfocus.com/archive/1/415999/30/0/threaded	mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/415998/30/0/threaded	mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/415995/30/0/threaded	mailing-list x_refsource_BUGTRAQ
http://womble.decadentplace.org.uk/readdir_r-advisory.html	x_refsource_MISC
http://www.securityfocus.com/archive/1/416048/30/0/threaded	mailing-list x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/archive/1/416002/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/archive/1/415781

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/archive/1/415790/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/bid/15259

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.securityfocus.com/archive/1/415999/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/archive/1/415998/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/archive/1/415995/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://womble.decadentplace.org.uk/readdir_r-advisory.html

Resource:

x_refsource_MISC

Hyperlink: http://www.securityfocus.com/archive/1/416048/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/archive/1/416002/30/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://www.securityfocus.com/archive/1/415781	mailing-list x_refsource_BUGTRAQ x_transferred
http://www.securityfocus.com/archive/1/415790/30/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://www.securityfocus.com/bid/15259	vdb-entry x_refsource_BID x_transferred
http://www.securityfocus.com/archive/1/415999/30/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://www.securityfocus.com/archive/1/415998/30/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://www.securityfocus.com/archive/1/415995/30/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://womble.decadentplace.org.uk/readdir_r-advisory.html	x_refsource_MISC x_transferred
http://www.securityfocus.com/archive/1/416048/30/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/416002/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/415781

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/415790/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://www.securityfocus.com/bid/15259

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/415999/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/415998/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/415995/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://womble.decadentplace.org.uk/readdir_r-advisory.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/416048/30/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:31 Dec, 2005 | 05:00

Updated At:03 Apr, 2025 | 01:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.6	MEDIUM	AV:L/AC:H/Au:N/C:C/I:N/A:C

Type: Primary

Version: 2.0

Base score: 5.6

Base severity: MEDIUM

Vector:

AV:L/AC:H/Au:N/C:C/I:N/A:C

CPE Matches

austin_group>>posix>>*

cpe:2.3:o:austin_group:posix:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Red Hat

Last Modified : 2006-08-30T00:00:00

This issue did not affect the Linux glibc.

References

Hyperlink	Source	Resource
http://womble.decadentplace.org.uk/readdir_r-advisory.html	cve@mitre.org	Vendor Advisory
http://www.securityfocus.com/archive/1/415781	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/415790/30/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/415995/30/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/415998/30/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/415999/30/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/416002/30/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/416048/30/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/15259	cve@mitre.org	N/A
http://womble.decadentplace.org.uk/readdir_r-advisory.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.securityfocus.com/archive/1/415781	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/415790/30/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/415995/30/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/415998/30/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/415999/30/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/416002/30/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/416048/30/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/15259	af854a3a-2127-422b-91ae-364da2661108	N/A