Executive Summary
Summary | |
---|---|
Title | krb5 security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0892 | First vendor Publication | 2007-09-07 |
Vendor | RedHat | Last vendor Modification | 2007-09-07 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated krb5 packages that correct a security flaw are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. The MIT Kerberos Team discovered a problem with the originally published patch for svc_auth_gss.c (CVE-2007-3999). A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-4743) This issue did not affect the versions of Kerberos distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Users of krb5-server are advised to update to these erratum packages which contain a corrected backported fix for this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 281561 - CVE-2007-4743 krb5 incomplete fix for CVE-2007-3999 |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0892.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10239 | |||
Oval ID: | oval:org.mitre.oval:def:10239 | ||
Title: | The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. | ||
Description: | The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4743 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17534 | |||
Oval ID: | oval:org.mitre.oval:def:17534 | ||
Title: | USN-511-2 -- krb5, librpcsecgss vulnerability | ||
Description: | USN-511-1 fixed vulnerabilities in krb5 and librpcsecgss. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-511-2 CVE-2007-4743 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | krb5 librpcsecgss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17654 | |||
Oval ID: | oval:org.mitre.oval:def:17654 | ||
Title: | USN-511-1 -- krb5, librpcsecgss vulnerability | ||
Description: | It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-511-1 CVE-2007-3999 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | krb5 librpcsecgss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18022 | |||
Oval ID: | oval:org.mitre.oval:def:18022 | ||
Title: | DSA-1387-1 librpcsecgss | ||
Description: | It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (<a href="http://security-tracker.debian.org/tracker/CVE-2007-3999">CVE-2007-3999</a>, <a href="dsa-1368">DSA-1368-1</a>) was insufficient to protect from arbitrary code execution in some environments. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1387-1 CVE-2007-4743 CVE-2007-3999 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | librpcsecgss |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18448 | |||
Oval ID: | oval:org.mitre.oval:def:18448 | ||
Title: | DSA-1367-1 krb5 - arbitrary code execution | ||
Description: | It was discovered that a buffer overflow of the RPC library of the MIT Kerberos reference implementation allows the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1367-1 CVE-2007-3999 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20350 | |||
Oval ID: | oval:org.mitre.oval:def:20350 | ||
Title: | DSA-1368-1 librpcsecgss - arbitrary code execution | ||
Description: | It was discovered that a buffer overflow of the library for secure RPC communication over the rpcsec_gss protocol allows the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1368-1 CVE-2007-3999 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | librpcsecgss |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22703 | |||
Oval ID: | oval:org.mitre.oval:def:22703 | ||
Title: | ELSA-2007:0892: krb5 security update (Important) | ||
Description: | The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0892-01 CVE-2007-4743 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:3162 | |||
Oval ID: | oval:org.mitre.oval:def:3162 | ||
Title: | Security Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M)) | ||
Description: | Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3999 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9379 | |||
Oval ID: | oval:org.mitre.oval:def:9379 | ||
Title: | Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. | ||
Description: | Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3999 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for librpcsecgss File : nvt/sles10_librpcsecgss.nasl |
2009-06-03 | Name : Solaris Update for rpcsec_gss 126929-02 File : nvt/gb_solaris_126929_02.nasl |
2009-06-03 | Name : Solaris Update for rpcsec_gss 126928-02 File : nvt/gb_solaris_126928_02.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:174 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174.nasl |
2009-04-09 | Name : Mandriva Update for librpcsecgss MDKSA-2007:181 (librpcsecgss) File : nvt/gb_mandriva_MDKSA_2007_181.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:174-1 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174_1.nasl |
2009-03-23 | Name : Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1 File : nvt/gb_ubuntu_USN_511_1.nasl |
2009-03-23 | Name : Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-2 File : nvt/gb_ubuntu_USN_511_2.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-694 File : nvt/gb_fedora_2007_694_krb5_fc6.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-690 File : nvt/gb_fedora_2007_690_krb5_fc6.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2066 File : nvt/gb_fedora_2007_2066_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2017 File : nvt/gb_fedora_2007_2017_krb5_fc7.nasl |
2009-02-16 | Name : Fedora Update for libtirpc FEDORA-2008-1017 File : nvt/gb_fedora_2008_1017_libtirpc_fc8.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-01 (mit-krb5) File : nvt/glsa_200709_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-01 (librcpsecgss) File : nvt/glsa_200710_01.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1367-1 (krb5) File : nvt/deb_1367_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1387-1 (librpcsecgss) File : nvt/deb_1387_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1368-1 (librpcsecgss) File : nvt/deb_1368_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1367-2 (krb5) File : nvt/deb_1367_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37332 | MIT Kerberos 5 RPCSEC_GSS RPC Library svc_auth_gss.c Patch Weakness Overflow |
37324 | MIT Kerberos 5 RPCSEC_GSS RPC Library (librpcsecgss) lib/rpc/svc_auth_gss.c s... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt RuleID : 12424 - Revision : 11 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0951.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0913.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0892.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071004_nfs_utils_lib_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070919_nfs_utils_lib_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070904_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0892.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0951.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1017.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_librpcsecgss-4601.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4192.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4249.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_11.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote openSUSE host is missing a security update. File : suse_librpcsecgss-4600.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-511-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-511-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2017.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2066.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1387.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-4248.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-4191.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-01.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0951.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0913.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0913.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0892.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1368.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-181.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-01.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-694.nasl - Type : ACT_GATHER_INFO |
2007-09-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-174.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1367.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-690.nasl - Type : ACT_GATHER_INFO |
2007-07-02 | Name : The remote host is missing Sun Security Patch number 126928-02 File : solaris8_126928.nasl - Type : ACT_GATHER_INFO |
2007-07-02 | Name : The remote host is missing Sun Security Patch number 126929-02 File : solaris8_x86_126929.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:01 |
|
2013-05-11 12:24:07 |
|