Podatność CVE-2005-0373


Publikacja: 2004-10-07   Modyfikacja: 2012-02-12

Opis:
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

Producent: Redhat
Produkt: Fedora core 
Wersje: core_1.0;
Producent: SUSE
Produkt: Suse linux 
Wersje:
9.2
9.1
9.0
8.2
8.1
8.0
1.0
Produkt: Suse cvsup 
Wersje: 16.1h_36.i586;
Producent: Conectiva
Produkt: Linux 
Wersje: 9.0; 10.0;
Producent: Openpkg
Produkt: Openpkg 
Wersje: 2.2; 2.1;
Producent: Cyrus
Produkt: SASL 
Wersje:
2.1.9
2.1.18_r1
2.1.18
2.1.17
2.1.16
2.1.15
2.1.14
2.1.13
2.1.12
2.1.11
2.1.10
1.5.28
1.5.27
1.5.24
Producent: Apple
Produkt: Mac os x server 
Wersje:
10.3.8
10.3.7
10.3.6
10.3.5
10.3.4
10.3.3
10.3.2
10.3.1
10.3
10.2.8
10.2.7
10.2.6
10.2.5
10.2.4
10.2.3
10.2.2
10.2.1
10.2
10.1.5
10.1.4
10.1.3
10.1.2
10.1.1
10.1
10.0
Produkt: Mac os x 
Wersje:
10.3.8
10.3.7
10.3.6
10.3.5
10.3.4
10.3.3
10.3.2
10.3.1
10.3
10.2.8
10.2.7
10.2.6
10.2.5
10.2.4
10.2.3
10.2.2
10.2.1
10.2
10.1.5
10.1.4
10.1.3
10.1.2
10.1.1
10.1
10.0.4
10.0.3
10.0.2
10.0.1
10.0

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
7.5/10
6.4/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Częściowy
Częściowy

 Referencje:
http://xforce.iss.net/xforce/xfdb/17642
http://www.securityfocus.com/bid/11347
http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html
http://www.linuxcompatible.org/print42495.html
http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171
http://www.mandriva.com/security/advisories?name=MDKSA-2005:054

Podobne CVE
CVE-2019-9536
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.
CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") tha...
CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT...
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so...
CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h...
CVE-2019-9515
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS f...
CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p...
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the...

Copyright 2019, cxsecurity.com

 

Back to Top