CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.969 High
EPSS Percentile: 99.7%
Added: 12/03/2007
CVE: CVE-2007-3999
BID: 25534
OSVDB: 37324
Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol.
A buffer overflow in the svcauth_gss_validate function in the MIT Kerberos 5 RPC library allows remote attackers to execute arbitrary commands by sending a specially crafted RPCSEC_GSS authentication context to the Kerberos administration daemon (kadmind).
Upgrade to krb5-1.5.5 or krb5-1.6.3 or higher, or apply the patch found in MIT krb5 Security Advisory 2007-006. Alternatively, apply a fix from your operating system vendor.
<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt>
<http://www.zerodayinitiative.com/advisories/ZDI-07-052.html>
The exploit works on MIT Kerberos 5 krb5-1.5.4 on Red Hat Enterprise Linux 4 Update 4 with ExecShield disabled.
Linux