search menu icon-carat-right cmu-wordmark

CERT Coordination Center


MIT Kerberos 5 ksu may allow either the '-r' or '-l' time-interval parameter to overflow the stack with the characters ''d', 'h', 'm', or 's'

Vulnerability Note VU#38336

Original Release Date: 2000-10-19 | Last Revised: 2003-04-11

Overview

Description

From the reporter:

Time-interval parsing for the "-r" and "-l" command-line options calls a library routine which uses sscanf("%d%[d]") and passes the address of an automatic int variable to correspond to the second %-sequence. But the %[ sequence needs an arbitrarily large string buffer. So it's possible to get an arbitrary-length string consisting entirely of the letter 'd' written to the stack. Other sscanf formats it tries to use will also allow a string of 'h', 'm', or 's' characters to be written, with all characters the same in any string.

Impact

Local user may be able to crash the machine by overwriting the stack with the characters 'd', 'h', 'm', or 's'

Solution

Vendor Information

No information available at this time.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This document was written by Jeff S Havrilla.

Other Information

CVE IDs: CVE-2000-0392
CERT Advisory: CA-2000-06
Date Public: 2000-05-16
Date First Published: 2000-10-19
Date Last Updated: 2003-04-11 22:28 UTC
Document Revision: 7

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.