Executive Summary
Summary | |
---|---|
Title | Sun Alert 102914 A Security Vulnerability in the Implementation of the RPCSEC_GSS API Affects the Kerberos Administration Daemon (kadmind(1M)) |
Informations | |||
---|---|---|---|
Name | SUN-102914 | First vendor Publication | 2007-07-02 |
Vendor | Sun | Last vendor Modification | 2007-07-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System A security vulnerability in the implementation of the RPCSEC_GSS API, which impacts applications utilizing this API (rpcsec_gss(3NSL)) such as the kadmind(1M) daemon, may allow execution of arbitrary commands. In the case of Kerberos Key Distribution Centers(KDC) (which run kadmind(1M)) an unprivileged and unauthenticated remote user may be able to execute arbitrary commands on the system with the privileges of the kadmind(1M) daemon (usually 'root'). In addition, on KDC systems this issue may allow the remote user to compromise the Kerberos key database or cause the affected program to crash, which is a form of Denial of Service (DoS). This issue is referenced in the following documents: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt CVE-2007-2442 at http://www.security-database.com/detail.php?cve=CVE-2007-2442 Avoidance: Patch State: Resolved First released: 26-Jun-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_102914_a_security |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10631 | |||
Oval ID: | oval:org.mitre.oval:def:10631 | ||
Title: | The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. | ||
Description: | The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2442 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:137 (krb5) File : nvt/gb_mandriva_MDKSA_2007_137.nasl |
2009-03-23 | Name : Ubuntu Update for krb5 vulnerabilities USN-477-1 File : nvt/gb_ubuntu_USN_477_1.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-0740 File : nvt/gb_fedora_2007_0740_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2017 File : nvt/gb_fedora_2007_2017_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2066 File : nvt/gb_fedora_2007_2066_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-620 File : nvt/gb_fedora_2007_620_krb5_fc5.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-621 File : nvt/gb_fedora_2007_621_krb5_fc6.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl |
2009-01-28 | Name : SuSE Update for krb5 SUSE-SA:2007:038 File : nvt/gb_suse_2007_038.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200707-11 (mit-krb5) File : nvt/glsa_200707_11.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1323-1 (krb5) File : nvt/deb_1323_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36596 | MIT Kerberos 5 RPC Library gssrpc__svcauth_gssapi Function Remote Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code executi... RuleID : 13268 - Revision : 5 - Type : RPC |
2014-01-10 | MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code executi... RuleID : 13223 - Revision : 6 - Type : PROTOCOL-RPC |
2014-01-10 | MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code executi... RuleID : 12075 - Revision : 10 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0562.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0384.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070626_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070626_krb5_on_SL3.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41166.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41167.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41168.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2007-0006.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-3821.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-477-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0740.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-3820.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
2007-07-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200707-11.nasl - Type : ACT_GATHER_INFO |
2007-07-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1323.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-137.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0384.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0562.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0562.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0384.nasl - Type : ACT_GATHER_INFO |