ID CVE-2007-2443
Summary Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
References
Vulnerable Configurations
  • MIT Kerberos 5 1.6.1
    cpe:2.3:a:mit:kerberos:5-1.6.1
CVSS
Base: 7.9 (as of 27-06-2007 - 14:12)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_41166.NASL
    description s700_800 11.11 KRB5-Client Version 1.0 cumulative patch : Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47147
    published 2010-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47147
    title HP-UX PHSS_41166 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_41167.NASL
    description s700_800 11.23 KRB5-Client Version 1.0 Cumulative patch : Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47148
    published 2010-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47148
    title HP-UX PHSS_41167 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_41168.NASL
    description s700_800 11.31 KRB5-Client Version 1.3.5.03 Cumulative patch : Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47149
    published 2010-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47149
    title HP-UX PHSS_41168 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2007-0006.NASL
    description Problems addressed by these patches : I Arbitrary code execution and denial of service vulnerabilities This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. (CVE-2007-4496) This release fixes a denial of service vulnerability that could allow a guest operating system to cause a host process to become unresponsive or exit unexpectedly. (CVE-2007-4497) Thanks to Rafal Wojtczvk of McAfee for identifying and reporting these issues. II Hosted products DHCP security vulnerabilities addressed This release fixes several vulnerabilities in the DHCP server that could enable a specially crafted packets to gain system-level privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063) Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities. III Windows based hosted product vulnerability in IntraProcessLogging.dll and vielib.dll. This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system. (CVE-2007-4059) This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system. (CVE-2007-4155) Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities. IV Escalation of privileges on Windows hosted systems This release fixes a security vulnerability in which Workstation was starting registered Windows services in an insecure manner. This vulnerability could allow a malicious user to escalate user privileges. Thanks to Foundstone for discovering this vulnerability. V Potential denial of service using VMware Player This release fixes a problem that prevented VMware Player from launching. This problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. VI ESX Service Console updates a. Service console package Samba, has been updated to address the following issues : Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. (CVE-2007-2446) Unescaped user input parameters were being passed as arguments to /bin/sh. A remote, authenticated, user could have triggered this flaw and executed arbitrary code on the server. Additionally, this flaw could be triggered by a remote unauthenticated user if Samba was configured to use the non-default username map script option. (CVE-2007-2447) Thanks to the Samba developers, TippingPoint, and iDefense for identifying and reporting these issues. Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 b. Updated bind package for the service console fixes a flaw with the way ISC BIND processed certain DNS query responses. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Under some circumstances, a malicious remote user could launch a Denial-of-Service attack on ESX Server hosts that had enabled DNSSEC validation. (CVE-2007-0494) Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 c. This patch provides updated service console package krb5 update. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2007-2442, CVE-2007-2443, and CVE-2007-2798 to these security issues. Thanks to Wei Wang of McAfee Avert Labs discovered these vulnerabilities. Note: The VMware service console does not provide the kadmind binary, and is not affected by these issues, but a update has been provided for completeness. d. Service console update for vixie-cron This patch provides an updated service console package vixie-cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A denial of service issue was found in the way vixie-cron verified crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab could potentially prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856) Thanks to Raphael Marichez for identifying this issue. e. Service console update for shadow-utils This patch provides an updated shadow-utils package. A new user's mailbox, when created, could have random permissions for a short period. This could enable a local malicious user to read or modify the mailbox. (CVE-2006-1174) f. Service console update for OpenLDAP This patch provides a updated OpenLDAP package. A flaw could allow users with selfwrite access to modify the distinguished name of any user, instead of being limited to modify only their own distinguished name. (CVE-2006-4600) g. Service console update for PAM This patch provides an updated PAM package A vulnerability was found that could allow console users with access to certain device files to cause damage to recordable CD drives. Certain file permissions have now been modified to disallow access. (CVE-2004-0813) A flaw was found with console device permissions. It was possible for various console devices to retain ownership of the previoius console user after logging out, which could result in leakage of information to an unauthorized user. (CVE-2007-1716) h. Service console update for GCC This patch provides security fixes for the service console GNU Compiler Collection (GCC) packages that include C, C++, Java, Fortran 77, Objective C, and Ada 95 GNU compilers and related support libraries. A flaw was found in the fastjar utility that could potentially allow a malicious user to create a JAR file which, if unpacked using fastjar, could write to any file that an authorized user had write access to. (CVE-2006-3619) Thanks to Jürgen Weigert for identifying this issue. i. Service Console update for GDB This patch provides a security fix for the service console GNU debugger (GDB). Various vulnerabilities were found in GDB. These vulnerabilities may allow a malicious user to deceive a user into loading debugging information into GDB, enabling the execution of arbitrary code with the privileges of the user. (CVE-2006-4146)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40370
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40370
    title VMSA-2007-0006 : Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP - Quartz Composer - Samba - SquirrelMail - Tomcat - WebCore - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25830
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25830
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0384.NASL
    description From Red Hat Security Advisory 2007:0384 : Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash or potentially execute arbitrary code as root. (CVE-2007-2442) David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443) A stack-based buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798) For Red Hat Enterprise Linux 2.1, several portability bugs which would lead to unexpected crashes on the ia64 platform have also been fixed. Users of krb5-server are advised to update to these erratum packages which contain backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67503
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67503
    title Oracle Linux 3 : krb5 (ELSA-2007-0384)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070626_KRB5_ON_SL5_X.NASL
    description David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. On Scientific Linux 4 and 5, glibc detects attempts to free invalid pointers. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2442) David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Scientific Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443) A stack-based buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60219
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60219
    title Scientific Linux Security Update : krb5 on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0384.NASL
    description Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash or potentially execute arbitrary code as root. (CVE-2007-2442) David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443) A stack-based buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798) For Red Hat Enterprise Linux 2.1, several portability bugs which would lead to unexpected crashes on the ia64 platform have also been fixed. Users of krb5-server are advised to update to these erratum packages which contain backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25574
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25574
    title CentOS 3 : krb5 (CESA-2007:0384)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070626_KRB5_ON_SL3.NASL
    description David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash or potentially execute arbitrary code as root. (CVE-2007-2442) David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Scientific Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443) A stack-based buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60218
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60218
    title Scientific Linux Security Update : krb5 on SL3.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-137.NASL
    description David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442). David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443). Finally, a stack-based buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798). Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25603
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25603
    title Mandrake Linux Security Advisory : krb5 (MDKSA-2007:137)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0740.NASL
    description This update incorporates fixes for a stack-based buffer overflow and heap corruption in the RPC library, and a fix for a potential stack-based buffer overflow in kadmind. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27678
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27678
    title Fedora 7 : krb5-1.6.1-2.1.fc7 (2007-0740)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KRB5-3820.NASL
    description This update fixes a stack-based buffer overflow in kadmind which can be exploited by authenticated remote users to gain root. (CVE-2007-2798) Additionally two bugs in the RPC library of kadmind were fixed that can lead to remote system compromise. (CVE-2007-2442, CVE-2007-2443) Note that third-party applications using the RPC library are vulnerable, too.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27309
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27309
    title openSUSE 10 Security Update : krb5 (krb5-3820)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0562.NASL
    description Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux 4 and 5, glibc detects attempts to free invalid pointers. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2442) David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443) A stack-based buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798) Users of krb5-server are advised to update to these erratum packages which contain backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25580
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25580
    title CentOS 4 / 5 : krb5 (CESA-2007:0562)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200707-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200707-11 (MIT Kerberos 5: Arbitrary remote code execution) kadmind is affected by multiple vulnerabilities in the RPC library shipped with MIT Kerberos 5. It fails to properly handle zero-length RPC credentials (CVE-2007-2442) and the RPC library can write past the end of the stack buffer (CVE-2007-2443). Furthermore kadmind fails to do proper bounds checking (CVE-2007-2798). Impact : A remote unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code with root privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 25793
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25793
    title GLSA-200707-11 : MIT Kerberos 5: Arbitrary remote code execution
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0562.NASL
    description From Red Hat Security Advisory 2007:0562 : Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux 4 and 5, glibc detects attempts to free invalid pointers. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2442) David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443) A stack-based buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798) Users of krb5-server are advised to update to these erratum packages which contain backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67535
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67535
    title Oracle Linux 4 / 5 : krb5 (ELSA-2007-0562)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1323.NASL
    description Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2442 Wei Wang discovered that the free of an uninitialised pointer in the Kerberos RPC library may lead to the execution of arbitrary code. - CVE-2007-2443 Wei Wang discovered that insufficient input sanitising in the Kerberos RPC library may lead to the execution of arbitrary code. - CVE-2007-2798 It was discovered that a buffer overflow in the Kerberos administration daemon may lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25628
    published 2007-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25628
    title Debian DSA-1323-1 : krb5 - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-477-1.NASL
    description Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. (CVE-2007-2442) Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. (CVE-2007-2443) It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges. (CVE-2007-2798). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28078
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28078
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5 vulnerabilities (USN-477-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0562.NASL
    description Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux 4 and 5, glibc detects attempts to free invalid pointers. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2442) David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443) A stack-based buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798) Users of krb5-server are advised to update to these erratum packages which contain backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25611
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25611
    title RHEL 4 / 5 : krb5 (RHSA-2007:0562)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KRB5-3821.NASL
    description This update fixes a stack-based buffer overflow in kadmind which can be exploited by authenticated remote users to gain root. (CVE-2007-2798) Additionally two bugs in the RPC library of kadmind were fixed that can lead to remote system compromise. (CVE-2007-2442 / CVE-2007-2443) Note that third-party applications using the RPC library are vulnerable, too.
    last seen 2019-02-21
    modified 2013-03-30
    plugin id 29493
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29493
    title SuSE 10 Security Update : krb5 (ZYPP Patch Number 3821)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0384.NASL
    description Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash or potentially execute arbitrary code as root. (CVE-2007-2442) David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443) A stack-based buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798) For Red Hat Enterprise Linux 2.1, several portability bugs which would lead to unexpected crashes on the ia64 platform have also been fixed. Users of krb5-server are advised to update to these erratum packages which contain backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25604
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25604
    title RHEL 2.1 / 3 : krb5 (RHSA-2007:0384)
oval via4
  • accepted 2013-04-29T04:12:51.725-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
    family unix
    id oval:org.mitre.oval:def:11277
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
    version 24
  • accepted 2015-04-20T04:02:33.581-04:00
    class vulnerability
    contributors
    • name Chandan M C
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
    family unix
    id oval:org.mitre.oval:def:7131
    status accepted
    submitted 2010-10-25T11:35:23.000-05:00
    title HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
    version 44
redhat via4
advisories
  • rhsa
    id RHSA-2007:0384
  • rhsa
    id RHSA-2007:0562
rpms
  • krb5-devel-0:1.2.7-66
  • krb5-libs-0:1.2.7-66
  • krb5-server-0:1.2.7-66
  • krb5-workstation-0:1.2.7-66
  • krb5-devel-0:1.3.4-49
  • krb5-libs-0:1.3.4-49
  • krb5-server-0:1.3.4-49
  • krb5-workstation-0:1.3.4-49
  • krb5-devel-0:1.5-26
  • krb5-libs-0:1.5-26
  • krb5-server-0:1.5-26
  • krb5-workstation-0:1.5-26
refmap via4
apple APPLE-SA-2007-07-31
bid
  • 24657
  • 25159
bugtraq
  • 20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities
  • 20070628 FLEA-2007-0029-1: krb5 krb5-workstation
  • 20070629 TSLSA-2007-0021 - kerberos5
cert TA07-177A
cert-vn VU#365313
confirm
debian DSA-1323
fulldisc 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
gentoo GLSA-200707-11
hp
  • HPSBUX02544
  • SSRT100107
mandriva MDKSA-2007:137
osvdb 36597
sectrack 1018293
secunia
  • 25800
  • 25801
  • 25814
  • 25821
  • 25870
  • 25888
  • 25890
  • 25894
  • 25911
  • 26033
  • 26228
  • 26235
  • 26909
  • 27706
  • 40346
sgi 20070602-01-P
suse SUSE-SA:2007:038
trustix 2007-0021
ubuntu USN-477-1
vupen
  • ADV-2007-2337
  • ADV-2007-2491
  • ADV-2007-2732
  • ADV-2007-3229
  • ADV-2010-1574
xf kerberos-gssrpcsvcauthunix-bo(35085)
Last major update 30-10-2012 - 22:34
Published 26-06-2007 - 18:30
Last modified 16-10-2018 - 12:43
Back to Top