CVE-2005-4784

Name of the Vulnerable Software and Affected Versions gcj (affected versions not specified) KDE (affected versions not specified) libwww (affected versions not specified) Rudiments library (affected versions not specified) teTeX (affected versions not specified) xmail (affected versions not specified) bfbtester (affected versions not specified) ncftp (affected versions not specified) netwib (affected versions not specified) OpenOffice.org (affected versions not specified) Pike (affected versions not specified) reprepro (affected versions not specified) Tcl (affected versions not specified) xgsmlib (affected versions not specified)

Description The issue is related to multiple buffer overflows in the POSIX readdir r function. This can be exploited by local users to cause a denial of service and possibly execute arbitrary code. The exploitation can occur via a symlink attack that exploits a race condition between opendir and pathcon calls, changing the filesystem to one with a larger maximum directory-entry name length. Additionally, programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, may also lead to exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.