CVE-2007-2443 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-2443
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2443

Description: Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35085 UBUNTU http://www.ubuntu.com/usn/usn-477-1 TRUSTIX http://www.trustix.org/errata/2007/0021/ SUSE http://www.novell.com/linux/security/advisories/2007_38_krb5.html ST 1018293 SGI SAID Secunia Advisory: SA26909 Secunia Advisory: SA26033 Secunia Advisory: SA26235 Secunia Advisory: SA26228 Secunia Advisory: SA25911 Secunia Advisory: SA25888 Secunia Advisory: SA25814 Secunia Advisory: SA25801 Secunia Advisory: SA25800 Secunia Advisory: SA25821 Secunia Advisory: SA25870 Secunia Advisory: SA25890 Secunia Advisory: SA25894 Secunia Advisory: SA27706 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0384.html http://www.redhat.com/support/errata/RHSA-2007-0562.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:137 GENTOO http://security.gentoo.org/glsa/glsa-200707-11.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html DEBIAN http://www.debian.org/security/2007/dsa-1323 CONFIRM http://docs.info.apple.com/article.html?artnum=306172 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt CERT-VN 365313 CERT http://www.us-cert.gov/cas/techalerts/TA07-177A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/472507/30/5970/threaded http://www.securityfocus.com/archive/1/archive/1/472432/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/472288/100/0/threaded BID 25159 24657 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.