ID CVE-2007-2442
Summary The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 09-02-2024 - 03:23)
Impact:
Exploitability:
CWE CWE-824
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-04-29T04:07:15.221-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
    family unix
    id oval:org.mitre.oval:def:10631
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
    version 30
  • accepted 2015-04-20T04:02:34.120-04:00
    class vulnerability
    contributors
    • name Chandan M C
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
    family unix
    id oval:org.mitre.oval:def:7344
    status accepted
    submitted 2010-10-25T11:35:23.000-05:00
    title HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
    version 47
redhat via4
advisories
  • rhsa
    id RHSA-2007:0384
  • rhsa
    id RHSA-2007:0562
rpms
  • krb5-debuginfo-0:1.2.7-66
  • krb5-devel-0:1.2.2-47
  • krb5-devel-0:1.2.7-66
  • krb5-libs-0:1.2.2-47
  • krb5-libs-0:1.2.7-66
  • krb5-server-0:1.2.2-47
  • krb5-server-0:1.2.7-66
  • krb5-workstation-0:1.2.2-47
  • krb5-workstation-0:1.2.7-66
  • krb5-debuginfo-0:1.3.4-49
  • krb5-debuginfo-0:1.5-26
  • krb5-devel-0:1.3.4-49
  • krb5-devel-0:1.5-26
  • krb5-libs-0:1.3.4-49
  • krb5-libs-0:1.5-26
  • krb5-server-0:1.3.4-49
  • krb5-server-0:1.5-26
  • krb5-workstation-0:1.3.4-49
  • krb5-workstation-0:1.5-26
refmap via4
apple APPLE-SA-2007-07-31
bid
  • 24655
  • 25159
bugtraq
  • 20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities
  • 20070628 FLEA-2007-0029-1: krb5 krb5-workstation
  • 20070629 TSLSA-2007-0021 - kerberos5
cert TA07-177A
cert-vn VU#356961
confirm
debian DSA-1323
fulldisc 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
gentoo GLSA-200707-11
hp
  • HPSBUX02544
  • SSRT100107
mandriva MDKSA-2007:137
osvdb 36596
sectrack 1018293
secunia
  • 25800
  • 25801
  • 25814
  • 25821
  • 25841
  • 25870
  • 25888
  • 25890
  • 25894
  • 25911
  • 26033
  • 26228
  • 26235
  • 26909
  • 27706
  • 40346
sgi 20070602-01-P
sunalert 102914
suse SUSE-SA:2007:038
trustix 2007-0021
ubuntu USN-477-1
vupen
  • ADV-2007-2337
  • ADV-2007-2354
  • ADV-2007-2491
  • ADV-2007-2732
  • ADV-2007-3229
  • ADV-2010-1574
xf kerberos-gssrpcsvcauthgssapi-code-execution(35082)
Last major update 09-02-2024 - 03:23
Published 26-06-2007 - 22:30
Last modified 09-02-2024 - 03:23