CVE-2008-0948

Publication date 19 March 2008

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
krb5	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
https://www.cve.org/CVERecord?id=CVE-2008-0948