saint | SAINT Corporation | SAINT:7F8A383884D03944BEBA710BB9BDB5A4
Dec 03, 2007 - 12:00 a.m.

MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow

2007-12-03 00:00:00
SAINT Corporation
download.saintcorporation.com
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.969 High
Percentile: 99.7%

Added: 12/03/2007
CVE: CVE-2007-3999
BID: 25534
OSVDB: 37324

Background

Kerberos is a network authentication protocol that provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol.

Problem

A buffer overflow in the svcauth_gss_validate function in the MIT Kerberos 5 RPC library allows remote attackers to execute arbitrary commands by sending a specially crafted RPCSEC_GSS authentication context to the Kerberos administration daemon (kadmind).

Resolution

Upgrade to krb5-1.5.5, krb5-1.6.3, or higher, or apply the patch found in MIT krb5 Security Advisory 2007-006. Alternatively, apply a fix from your operating system vendor.

References

<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt>
<http://www.zerodayinitiative.com/advisories/ZDI-07-052.html>

Limitations

The exploit works on MIT Kerberos 5 krb5-1.5.4 on Red Hat Enterprise Linux 4 Update 4 with ExecShield disabled.

Platforms

Linux
