CVE-2007-3999

Published: 05/09/2007 Updated: 21/01/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 up to and including 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote malicious users to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

Vulnerable Product

mit kerberos 5 1.4.1

mit kerberos 5 1.4.2

mit kerberos 5 1.6

mit kerberos 5 1.6.1

mit kerberos 5 1.4.3

mit kerberos 5 1.4.4

mit kerberos 5 1.6.2

mit kerberos 5 1.4

mit kerberos 5 1.5.2

mit kerberos 5 1.5.3

mit kerberos 5 1.5

mit kerberos 5 1.5.1

Vendor Advisories

Debian Bug report logs - #441209: CVE-2007-4743 Incorrect fix for CVE-2007-3999. Package: krb5; Maintainer for krb5 is Sam Hartman <hartmans@debian.org>; Reported by: Nico Golde <nion@debian.org>; Date: Fri, 7 Sep 2007 13:06:01 UTC; Severity: grave; Tags: security; Found in version 1.6.dfsg.1-7; Done: Nico Golde <nion ...

It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges ...

It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (CVE-2007-3999, DSA-1368-1) was insufficient to protect from arbitrary code execution in some environments. The old stable distribution (sarge) does not contain a librpcsecgss package. For the stable distribution (e ...

It was discovered that a buffer overflow of the RPC library of the MIT Kerberos reference implementation allows the execution of arbitrary code. The oldstable distribution (sarge) is not affected by this problem. For the stable distribution (etch) this problem has been fixed in version 1.4.4-7etch3. For the unstable distribution (sid) this problem ...

References

CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=250973
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt
http://www.redhat.com/support/errata/RHSA-2007-0858.html
http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html
http://www.zerodayinitiative.com/advisories/ZDI-07-052.html
http://support.avaya.com/elmodocs2/security/ASA-2007-396.htm
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://www.debian.org/security/2007/dsa-1367
http://www.debian.org/security/2007/dsa-1368
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html
http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
http://security.gentoo.org/glsa/glsa-200710-01.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:174
http://www.mandriva.com/security/advisories?name=MDKSA-2007:181
http://www.redhat.com/support/errata/RHSA-2007-0913.html
http://www.redhat.com/support/errata/RHSA-2007-0951.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1
http://www.novell.com/linux/security/advisories/2007_19_sr.html
http://www.novell.com/linux/security/advisories/2007_24_sr.html
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-511-1
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
http://www.kb.cert.org/vuls/id/883632
http://www.securityfocus.com/bid/25534
http://www.securityfocus.com/bid/26444
http://www.securitytracker.com/id?1018647
http://secunia.com/advisories/26680
http://secunia.com/advisories/26699
http://secunia.com/advisories/26728
http://secunia.com/advisories/26676
http://secunia.com/advisories/26684
http://secunia.com/advisories/26691
http://secunia.com/advisories/26700
http://secunia.com/advisories/26705
http://secunia.com/advisories/26792
http://secunia.com/advisories/26783
http://secunia.com/advisories/26822
http://secunia.com/advisories/26896
http://secunia.com/advisories/26697
http://secunia.com/advisories/27043
http://secunia.com/advisories/27081
http://secunia.com/advisories/26987
http://secunia.com/advisories/26713
http://secunia.com/advisories/27146
http://secunia.com/advisories/27643
http://securityreason.com/securityalert/3092
http://secunia.com/advisories/27756
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html
http://secunia.com/advisories/29247
http://secunia.com/advisories/29270
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1
http://www.vupen.com/english/advisories/2007/3052
http://www.vupen.com/english/advisories/2008/0803/references
http://www.vupen.com/english/advisories/2007/3060
http://www.vupen.com/english/advisories/2007/3868
http://www.vupen.com/english/advisories/2007/3051
https://exchange.xforce.ibmcloud.com/vulnerabilities/36437
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9379
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3162
http://www.securityfocus.com/archive/1/479251/100/0/threaded
http://www.securityfocus.com/archive/1/478748/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441209
https://usn.ubuntu.com/511-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/883632