Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2007-4743

Published: 06/09/2007 Updated: 21/01/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Kerberos 5

Vulnerability Summary

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 up to and including 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote malicious users to conduct a buffer overflow attack.

Vulnerable Product Search on Vulmon Subscribe to Product

mit kerberos 5 1.4.1

mit kerberos 5 1.4.2

mit kerberos 5 1.6

mit kerberos 5 1.6.1

mit kerberos 5 1.4

mit kerberos 5 1.5.2

mit kerberos 5 1.5.3

mit kerberos 5 1.4.3

mit kerberos 5 1.4.4

mit kerberos 5 1.6.2

mit kerberos 5 1.5

mit kerberos 5 1.5.1

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2007-4743 Incorrect fix for CVE-2007-3999
Debian Bug report logs - #441209 CVE-2007-4743 Incorrect fix for CVE-2007-3999 Package: krb5; Maintainer for krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Nico Golde <nion@debianorg> Date: Fri, 7 Sep 2007 13:06:01 UTC Severity: grave Tags: security Found in version 16dfsg1-7 Done: Nico Golde <nion ...
Ubuntu Security Notice: krb5, librpcsecgss vulnerability
USN-511-1 fixed vulnerabilities in krb5 and librpcsecgss The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it This update fixes the problem ...
Debian Security Advisories: DSA-1387-1 librpcsecgss -- buffer overflow
It has been discovered that the original patch for a buffer overflow in svc_auth_gssc in the RPCSEC_GSS RPC library in MIT Kerberos 5 (CVE-2007-3999, DSA-1368-1) was insufficient to protect from arbitrary code execution in some environments The old stable distribution (sarge) does not contain a librpcsecgss package For the stable distribution (e ...

References

CWE-119http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86https://issues.rpath.com/browse/RPL-1696http://docs.info.apple.com/article.html?artnum=307041http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlhttp://www.debian.org/security/2007/dsa-1387http://www.redhat.com/support/errata/RHSA-2007-0892.htmlhttp://www.novell.com/linux/security/advisories/2007_19_sr.htmlhttp://www.ubuntu.com/usn/usn-511-2http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlhttp://www.securityfocus.com/bid/26444http://secunia.com/advisories/26699http://secunia.com/advisories/26987http://secunia.com/advisories/27643http://www.vupen.com/english/advisories/2007/3868https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239http://www.securityfocus.com/archive/1/478794/100/0/threadedhttp://www.securityfocus.com/archive/1/478748/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441209https://usn.ubuntu.com/511-2/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook