CERTVU:883632MIT Kerberos 5 kadmind buffer overflow vulnerability
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.969 High
EPSS
Percentile
99.7%
Overview
An unspecified vulnerability in MIT Kerberos kadmind server may allow an attacker to execute arbitrary code.
Description
Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions. The kadmind daemon is the administration server that runs on the master Kerberos server.
From the kadmind manual page:
This command starts the KADM5 administration server. The administration server runs on the master Kerberos server, which stores the KDC principal database and the KADM5 policy database. Kadmind accepts remote requests to administer the information–exclude in these databases. Remote requests are sent, for example, by kadmin(8) and the kpasswd(1) command, both of which are clients of kadmind.
Per MITKRB5-SA-2007-006 there is a stack buffer overflow in the RPCSEC_GSS authentication in the RPC library that is included in krb5-1.4 through krb5-1.6.2. Any programs that link against the RPC library may also be affected.
Note that per MITKRB5-SA-2007-006, versions of kerberos prior to krb5-1.5 are not affected.
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code.
Solution
Update
The Kerberos team has released an update to address this issue. Please see MITKRB5-SA-2007-006 for more information on obtaining fixed software.
Restrict access
Restricng network access to the Kerberos server may partially mitigate this vulnerability. kadmind listens on 749/tcp by default.
Vendor Information
883632
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Debian GNU/Linux __ Affected
Notified: August 24, 2007 Updated: September 05, 2007
Status
Affected
Vendor Statement
The Debian project has corrected the buffer overflow in the RPC library alias CVE-2007-3999 in the Kerberos packages in its security advisory DSA 1367.
The oldstable distribution (sarge) is not affected by this problem.
For the stable distribution (etch) this problem has been fixed in version 1.4.4-7etch3.
For the unstable distribution (sid) this problem has been fixed in version 1.6.dfsg.1-7.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Gentoo Linux __ Affected
Notified: August 24, 2007 Updated: October 26, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See <http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23883632 Feedback>).
MIT Kerberos Development Team __ Affected
Notified: August 23, 2007 Updated: September 04, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-006.txt> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23883632 Feedback>).
Red Hat, Inc. __ Affected
Notified: August 24, 2007 Updated: September 06, 2007
Status
Affected
Vendor Statement
This issue did not affect the version of Kerberos as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
For Red Hat Enterprise Linux 5 users we made the following update available for Kerberos to correct this issue
<https://rhn.redhat.com/errata/RHSA-2007-0858.html>
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
SUSE Linux __ Affected
Notified: August 24, 2007 Updated: September 06, 2007
Status
Affected
Vendor Statement
SUSE and openSUSE packages were affected by this vulnerabilities and update packages are released.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. __ Affected
Notified: August 24, 2007 Updated: September 06, 2007
Status
Affected
Vendor Statement
Sun can confirm that Solaris 8, 9, and 10 are affected by the issue described in CERT advisory VU#883632.
Sun has published Sun Alert 103060 which includes details of the Solaris specific impact, contributing factors, workaround options and resolution information, and is available here:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1>
The Sun Alert will be kept up to date regarding progress on this issue.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Corporation Not Affected
Notified: August 24, 2007 Updated: September 04, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Apple Computer, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
AttachmateWRQ, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cray Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CyberSafe, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
EMC Corporation Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fedora Project Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fujitsu Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hitachi Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM eServer Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Immunix Communications, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ingrian Networks, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Juniper Networks, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
KTH Kerberos Team Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Mandriva, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NEC Corporation Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NetBSD Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Novell, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD Unknown
Notified: September 04, 2007 Updated: September 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Openwall GNU/*/Linux Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
QNX, Software Systems, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sony Corporation Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Trustix Secure Linux Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Turbolinux Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ubuntu Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Unisys Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Wind River Systems, Inc. Unknown
Notified: August 24, 2007 Updated: August 24, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
View all 44 vendors __View less vendors __
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-006.txt>
- <http://secunia.com/advisories/26676/>
- <http://docs.info.apple.com/article.html?artnum=307041>
Acknowledgements
Thanks to the MIT Kerberos team for information that was used in this report.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2007-3999 |
|---|---|
| Severity Metric: | 8.61 Date Public: |
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.969 High
EPSS
Percentile
99.7%