Lucene search

K
centosCentOS ProjectCESA-2007:0858
HistorySep 05, 2007 - 12:50 a.m.

krb5 security update

2007-09-0500:50:27
CentOS Project
lists.centos.org
47

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

CentOS Errata and Security Advisory CESA-2007:0858

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC. kadmind is the KADM5 administration
server.

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash. On Red Hat
Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary
code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash. (CVE-2007-4000)

These issues did not affect the versions of Kerberos distributed with Red
Hat Enterprise Linux 2.1, 3, or 4.

Users of krb5-server are advised to update to these erratum packages which
contain backported fixes to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-September/076338.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076339.html

Affected packages:
krb5-devel
krb5-libs
krb5-server
krb5-workstation

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0858

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%