CVE-2007-3999 - CVE Reference - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CVE Reference: CVE-2007-3999

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3999

Description: Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36437 UBUNTU http://www.ubuntu.com/usn/usn-511-1 TRUSTIX http://www.trustix.org/errata/2007/0026/ SUSE http://www.novell.com/linux/security/advisories/2007_24_sr.html http://www.novell.com/linux/security/advisories/2007_19_sr.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1 ST 1018647 SREASON http://securityreason.com/securityalert/3092 SAID Secunia Advisory: SA29270 Secunia Advisory: SA29247 Secunia Advisory: SA27756 Secunia Advisory: SA27643 Secunia Advisory: SA27146 Secunia Advisory: SA26713 Secunia Advisory: SA26987 Secunia Advisory: SA27081 Secunia Advisory: SA27043 Secunia Advisory: SA26697 Secunia Advisory: SA26896 Secunia Advisory: SA26822 Secunia Advisory: SA26783 Secunia Advisory: SA26792 Secunia Advisory: SA26705 Secunia Advisory: SA26700 Secunia Advisory: SA26691 Secunia Advisory: SA26728 Secunia Advisory: SA26676 Secunia Advisory: SA26684 Secunia Advisory: SA26680 Secunia Advisory: SA26699 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0913.html http://www.redhat.com/support/errata/RHSA-2007-0951.html http://www.redhat.com/support/errata/RHSA-2007-0858.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3162 MLIST http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html MISC http://www.zerodayinitiative.com/advisories/ZDI-07-052.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:181 http://www.mandriva.com/security/advisories?name=MDKSA-2007:174 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://security.gentoo.org/glsa/glsa-200710-01.xml FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1367 http://www.debian.org/security/2007/dsa-1368 CONFIRM http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt http://support.avaya.com/elmodocs2/security/ASA-2007-396.htm http://docs.info.apple.com/article.html?artnum=307041 CERT-VN 883632 CERT http://www.us-cert.gov/cas/techalerts/TA07-319A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/479251/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/478748/100/0/threaded BID 25534 26444 APPLE http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	OpenBSD BIND Query Port DNS Cache Poisoning

3.	Apple Safari Cross-Domain Cookie Injection Vulnerability

4.	Drupal Session Fixation Vulnerability

5.	Red Hat update for thunderbird

6.	Debian update for clamav

7.	Red Hat update for kernel

8.	Slackware update for dnsmasq

9.	Ubuntu update for php

10.	IPCop update for perl