CVE-2007-3999 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-3999
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3999

Description: Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36437 UBUNTU http://www.ubuntu.com/usn/usn-511-1 TRUSTIX http://www.trustix.org/errata/2007/0026/ SUSE http://www.novell.com/linux/security/advisories/2007_24_sr.html http://www.novell.com/linux/security/advisories/2007_19_sr.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1 ST 1018647 SREASON http://securityreason.com/securityalert/3092 SAID Secunia Advisory: SA29270 Secunia Advisory: SA29247 Secunia Advisory: SA27756 Secunia Advisory: SA27643 Secunia Advisory: SA27146 Secunia Advisory: SA26713 Secunia Advisory: SA26987 Secunia Advisory: SA27081 Secunia Advisory: SA27043 Secunia Advisory: SA26697 Secunia Advisory: SA26896 Secunia Advisory: SA26822 Secunia Advisory: SA26783 Secunia Advisory: SA26792 Secunia Advisory: SA26705 Secunia Advisory: SA26700 Secunia Advisory: SA26691 Secunia Advisory: SA26728 Secunia Advisory: SA26676 Secunia Advisory: SA26684 Secunia Advisory: SA26680 Secunia Advisory: SA26699 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0913.html http://www.redhat.com/support/errata/RHSA-2007-0951.html http://www.redhat.com/support/errata/RHSA-2007-0858.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3162 MLIST http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html MISC http://www.zerodayinitiative.com/advisories/ZDI-07-052.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:181 http://www.mandriva.com/security/advisories?name=MDKSA-2007:174 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://security.gentoo.org/glsa/glsa-200710-01.xml FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1367 http://www.debian.org/security/2007/dsa-1368 CONFIRM http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt http://support.avaya.com/elmodocs2/security/ASA-2007-396.htm http://docs.info.apple.com/article.html?artnum=307041 CERT-VN 883632 CERT http://www.us-cert.gov/cas/techalerts/TA07-319A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/479251/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/478748/100/0/threaded BID 25534 26444 APPLE http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

Return to the previous page.