CVE-2007-4743

HIGH

Description

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

References

http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86

http://docs.info.apple.com/article.html?artnum=307041

http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

http://secunia.com/advisories/26699

http://secunia.com/advisories/26987

http://secunia.com/advisories/27643

http://www.debian.org/security/2007/dsa-1387

http://www.novell.com/linux/security/advisories/2007_19_sr.html

http://www.redhat.com/support/errata/RHSA-2007-0892.html

http://www.securityfocus.com/archive/1/478748/100/0/threaded

http://www.securityfocus.com/archive/1/478794/100/0/threaded

http://www.securityfocus.com/bid/26444

http://www.ubuntu.com/usn/usn-511-2

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

http://www.vupen.com/english/advisories/2007/3868

https://issues.rpath.com/browse/RPL-1696

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239

Details

Source: MITRE

Published: 2007-09-06

Updated: 2020-01-21

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
67571Oracle Linux 5 : krb5 (ELSA-2007-0892)NessusOracle Linux Local Security Checks
critical
43652CentOS 5 : krb5 (CESA-2007:0892)NessusCentOS Local Security Checks
critical
29495SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 4249)NessusSuSE Local Security Checks
critical
4284Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)Nessus Network MonitorOperating System Detection
critical
28212Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)NessusMacOS X Local Security Checks
critical
28116Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5, librpcsecgss vulnerability (USN-511-2)NessusUbuntu Local Security Checks
critical
28115Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5, librpcsecgss vulnerability (USN-511-1)NessusUbuntu Local Security Checks
critical
27750Fedora 7 : krb5-1.6.1-4.fc7 (2007-2066)NessusFedora Local Security Checks
critical
27311openSUSE 10 Security Update : krb5 (krb5-4248)NessusSuSE Local Security Checks
critical
27066Debian DSA-1387-1 : librpcsecgss - buffer overflowNessusDebian Local Security Checks
critical
26052RHEL 5 : krb5 (RHSA-2007:0892)NessusRed Hat Local Security Checks
critical
26006Mandrake Linux Security Advisory : krb5 (MDKSA-2007:174-1)NessusMandriva Local Security Checks
critical