krb5 vulnerabilities

2007-06-2700:00:00

ubuntu.com

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

Releases

Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06

Details

Wei Wang discovered that the krb5 RPC library did not correctly handle
certain error conditions. A remote attacker could cause kadmind to free
an uninitialized pointer, leading to a denial of service or possibly
execution of arbitrary code with root privileges. (CVE-2007-2442)

Wei Wang discovered that the krb5 RPC library did not correctly check
the size of certain communications. A remote attacker could send a
specially crafted request to kadmind and execute arbitrary code with
root privileges. (CVE-2007-2443)

It was discovered that the kadmind service could be made to overflow its
stack. A remote attacker could send a specially crafted request and
execute arbitrary code with root privileges. (CVE-2007-2798)

OSVersionArchitecturePackageVersionFilename
Ubuntu7.04noarchlibkadm55< 1.4.4-5ubuntu3.1UNKNOWN
Ubuntu6.10noarchlibkadm55< 1.4.3-9ubuntu1.3UNKNOWN
Ubuntu6.06noarchlibkadm55< 1.4.3-5ubuntu0.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	7.04	noarch	libkadm55	< 1.4.4-5ubuntu3.1	UNKNOWN
Ubuntu	6.10	noarch	libkadm55	< 1.4.3-9ubuntu1.3	UNKNOWN
Ubuntu	6.06	noarch	libkadm55	< 1.4.3-5ubuntu0.4	UNKNOWN