SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#38336

MIT Kerberos 5 ksu may allow either the '-r' or '-l' time-interval parameter to overflow the stack with the characters ''d', 'h', 'm', or 's'

Overview

I. Description

From the reporter:

Time-interval parsing for the "-r" and "-l" command-line options calls a library routine which uses sscanf("%d%[d]") and passes the address of an automatic int variable to correspond to the second %-sequence. But the %[ sequence needs an arbitrarily large string buffer. So it's possible to get an arbitrary-length string consisting entirely of the letter 'd' written to the stack. Other sscanf formats it tries to use will also allow a string of 'h', 'm', or 's' characters to be written, with all characters the same in any string.

II. Impact

Local user may be able to crash the machine by overwriting the stack with the characters 'd', 'h', 'm', or 's'

III. Solution

Systems Affected
No Information Available

References

Credit

This document was written by Jeff S Havrilla.

Other Information

Date Public:2000-05-16
Date First Published:2000-10-19
Date Last Updated:2003-04-11
CERT Advisory:CA-2000-06
CVE-ID(s):CVE-2000-0392
NVD-ID(s):CVE-2000-0392
US-CERT Technical Alerts: 
Severity Metric:0.00
Document Revision:7

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2000 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader