Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2007-2798

Source

Debian Bug report logs - #430785
CVE-2007-2798: kadmind vulnerable to buffer overflow

Package: krb5-admin-server; Maintainer for krb5-admin-server is Sam Hartman <hartmans@debian.org>; Source for krb5-admin-server is src:krb5 (PTS, buildd, popcon).

Reported by: Dominic Hargreaves <dom@earth.li>

Date: Wed, 27 Jun 2007 11:15:18 UTC

Severity: critical

Tags: security

Found in versions krb5/1.6.dfsg.1-4, krb5/1.4.4-7etch4, 1.3.6-2sarge4

Fixed in versions 1.6.dfsg.1-5, 1.3.6-2sarge5, 1.4.4-7etch4

Done: Russ Allbery <rra@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Sam Hartman <hartmans@debian.org>:
Bug#430785; Package krb5-admin-server. (full text, mbox, link).

Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Sam Hartman <hartmans@debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: krb5-admin-server
Severity: critical
Tags: security
Justification: root security hole

kadmind contains a buffer overflow, which could lead to a remote
privilege escalation:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt

kadmind from MIT releases up to and including krb5-1.6.1 are affected.

A patch is available at the URL above.

Regards,

Dominic.

Bug marked as found in version +1.6.dfsg.1-4. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Wed, 27 Jun 2007 11:27:15 GMT) (full text, mbox, link).

Bug marked as found in version +1.4.4-7etch4. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Wed, 27 Jun 2007 11:27:16 GMT) (full text, mbox, link).

Bug marked as found in version +1.3.6-2sarge4. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Wed, 27 Jun 2007 11:27:16 GMT) (full text, mbox, link).

Bug marked as found in version 1.6.dfsg.1-4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Wed, 27 Jun 2007 12:57:01 GMT) (full text, mbox, link).

Bug marked as found in version 1.4.4-7etch4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Wed, 27 Jun 2007 12:57:02 GMT) (full text, mbox, link).

Bug marked as found in version 1.3.6-2sarge4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Wed, 27 Jun 2007 12:57:03 GMT) (full text, mbox, link).

Reply sent to Russ Allbery <rra@debian.org>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Dominic Hargreaves <dom@earth.li>:
Bug acknowledged by developer. (full text, mbox, link).

Message #22 received at 430785-done@bugs.debian.org (full text, mbox, reply):

Version: 1.6.dfsg.1-5

Dominic Hargreaves <dom@earth.li> writes:

> Package: krb5-admin-server
> Severity: critical
> Tags: security
> Justification: root security hole

> kadmind contains a buffer overflow, which could lead to a remote
> privilege escalation:

> http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt

Yes, new packages were uploaded yesterday almost simultaneous with the
security advisory.  The stable and oldstable security updates should be
working their way through the build process right now.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Bug marked as fixed in version 1.3.6-2sarge5. Request was from Russ Allbery <rra@debian.org> to control@bugs.debian.org. (Mon, 02 Jul 2007 22:03:06 GMT) (full text, mbox, link).

Bug marked as fixed in version 1.4.4-7etch4. Request was from Russ Allbery <rra@debian.org> to control@bugs.debian.org. (Mon, 02 Jul 2007 22:03:07 GMT) (full text, mbox, link).

Bug marked as not found in version +1.6.dfsg.1-4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Tue, 03 Jul 2007 10:09:02 GMT) (full text, mbox, link).

Bug marked as not found in version +1.4.4-7etch4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Tue, 03 Jul 2007 10:09:02 GMT) (full text, mbox, link).

Bug marked as not found in version +1.3.6-2sarge4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Tue, 03 Jul 2007 10:09:03 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 27 Dec 2007 07:32:19 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:16:35 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-2798: kadmind vulnerable to buffer overflow

Debian Bug report logs - #430785
CVE-2007-2798: kadmind vulnerable to buffer overflow

Vulmon Search

About

Products

Connect

CVE-2007-2798: kadmind vulnerable to buffer overflow

Debian Bug report logs - #430785 CVE-2007-2798: kadmind vulnerable to buffer overflow

Vulmon Search

About

Products

Connect

Debian Bug report logs - #430785
CVE-2007-2798: kadmind vulnerable to buffer overflow