9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.939 High
EPSS
Percentile
99.1%
The MIT Kerberos administration daemon (kadmind
) contains a stack buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.
A vulnerability exists in the way the principal renaming operation used by the Kerberos administration daemon handles strings and a fixed-size stack buffer. This vulnerability may cause a buffer overflow vulnerability that could allow a remote, authenticated user to execute arbitrary code. According to MIT krb5 Security Advisory MITKRB5-SA-2007-005:
The kadmind code which performs the principal renaming operation passes unchecked string arguments to a sprintf() call which has a fixed-size stack buffer as its destination. These strings are the old and new principal names passed to the rename operation. The attacker needs to authenticate to kadmind to perform this attack, but no administrative privileges are required because the vulnerable code executes prior to privilege verification.
Note that this issue affects all releases of MIT krb5 up to and including krb5-1.6.1. MIT has been provided with proof-of-concept exploit code, but it’s not clear whether the exploit code is publicly available yet.
A remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database.
Apply a patch
A patch can be obtained from MIT krb5 Security Advisory MITKRB5-SA-2007-005. MIT also states that this will be addressed in the upcoming krb5-1.6.2 and krb5-1.5.4 releases.
554257
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: June 18, 2007 Updated: July 30, 2007
Affected
These vulnerabilities have been fixed in Debian GNU/Linux 4.0 (stable) in version 1.4.4-7etch2. and for Debian GNU/Linux 3.1 (oldstable) in version 1.3.6-2sarge5 via Debian Security Advisory 1323 as in <<http://www.debian.org/security/2007/dsa-1323>>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: August 14, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see GLSA 200707-11.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554257 Feedback>).
Notified: June 18, 2007 Updated: June 26, 2007
Affected
These issues affect the krb5-server package available for Red Hat
Enterprise Linux 2.1, 3, 4, and 5. Updated packages to correct this
issue are available along with our advisories at the URLs below and
via Red Hat Network.
Red Hat Enterprise Linux 2.1, 3:
<https://rhn.redhat.com/errata/RHSA-2007-0384.html>
Red Hat Enterprise Linux 4, 5:
<https://rhn.redhat.com/errata/RHSA-2007-0562.html>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 28, 2007
Affected
Sun can confirm that Solaris 8, 9, and 10 are affected by the issue
described in CERT advisory VU#554257.
Sun has published Sun Alert 102985 which includes details of the
Solaris specific impact, contributing factors, workaround options
and resolution information, and is available here:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-102985-1>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 27, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Ubuntu Security Notice USN-477-1.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554257 Feedback>).
Notified: June 18, 2007 Updated: June 18, 2007
Not Affected
The vulnerabilities referenced in VU#365313 do not apply to CyberSafe products, including all versions of TrustBroker, ActiveTRUST and Challenger products.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 26, 2007
Not Affected
Juniper Networks products do not use Kerberos, and are therefore not susceptible to this set of vulnerabilities.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 19, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: June 27, 2007
Not Affected
NetApp does not ship kadmind.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 13, 2007 Updated: June 13, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 27, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Mandriva Advisory MDKSA-2007:137.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23554257 Feedback>).
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: June 18, 2007 Updated: June 18, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
View all 45 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to MIT for reporting this vulnerability, who in turn credit an anonymous discoverer working with iDefense.
This document was written by Will Dormann.
CVE IDs: | CVE-2007-2798 |
---|---|
Severity Metric: | 16.80 Date Public: |
docs.info.apple.com/article.html?artnum=306172
labs.idefense.com/intelligence/vulnerabilities/display.php?id=548
secunia.com/advisories/25800/
secunia.com/advisories/26033/
sunsolve.sun.com/search/document.do?assetkey=1-26-102985-1
web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-005.txt
www.mandriva.com/security/advisories?name=MDKSA-2007:137
www.ubuntu.com/usn/usn-477-1