{"vuid":"VU#38336","idnumber":"38336","name":"MIT Kerberos 5 ksu may allow either the '-r' or '-l' time-interval parameter to overflow the stack with the characters 'd', 'h', 'm', or 's'","keywords":["MIT Kerberos 5","ksu","buffer overflow"],"overview":"","clean_desc":"From the reporter: Time-interval parsing for the \"-r\" and \"-l\" command-line options calls a library routine which uses sscanf(\"%d%[d]\") and passes the address of an automatic int variable to correspond to the second %-sequence. But the %[ sequence needs an arbitrarily large string buffer. So it's possible to get an arbitrary-length string consisting entirely of the letter 'd' written to the stack. Other sscanf formats it tries to use will also allow a string of 'h', 'm', or 's' characters to be written, with all characters the same in any string.","impact":"Local user may be able to crash the machine by overwriting the stack with the characters 'd', 'h', 'm', or 's'","resolution":"","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Jeff S Havrilla.","public":[],"cveids":["CVE-2000-0392"],"certadvisory":"CA-2000-06","uscerttechnicalalert":null,"datecreated":"1999-11-03T15:14:28Z","publicdate":"2000-05-16T00:00:00Z","datefirstpublished":"2000-10-19T21:46:33Z","dateupdated":"2003-04-11T22:28:41Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}