10 - CVE-2007-3999

Executive Summary

Informations
Name	CVE-2007-3999	First vendor Publication	2007-09-05
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17654

Oval ID:	oval:org.mitre.oval:def:17654
Title:	USN-511-1 -- krb5, librpcsecgss vulnerability
Description:	It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures.
Family:	unix	Class:	patch
Reference(s):	USN-511-1 CVE-2007-3999	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04	Product(s):	krb5 librpcsecgss
Definition Synopsis:
Release section Ubuntu 6.06 is installed Packages match section libkadm55 DPKG is earlier than 1.4.3-5ubuntu0.5 AND librpcsecgss1 DPKG is earlier than 0.7-0ubuntu1.1 AND Release section Ubuntu 6.10 is installed Packages match section libkadm55 DPKG is earlier than 1.4.3-9ubuntu1.4 AND librpcsecgss2 DPKG is earlier than 0.13-2ubuntu0.1 AND Release section Ubuntu 7.04 is installed Packages match section libkadm55 DPKG is earlier than 1.4.4-5ubuntu3.2 AND librpcsecgss3 DPKG is earlier than 0.14-2ubuntu1.1

Definition Id: oval:org.mitre.oval:def:18022

Oval ID:	oval:org.mitre.oval:def:18022
Title:	DSA-1387-1 librpcsecgss
Description:	It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (<a href="http://security-tracker.debian.org/tracker/CVE-2007-3999">CVE-2007-3999</a>, <a href="dsa-1368">DSA-1368-1</a>) was insufficient to protect from arbitrary code execution in some environments.
Family:	unix	Class:	patch
Reference(s):	DSA-1387-1 CVE-2007-4743 CVE-2007-3999	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	librpcsecgss
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND librpcsecgss DPKG is earlier than 0.14-2etch3

Definition Id: oval:org.mitre.oval:def:18448

Oval ID:	oval:org.mitre.oval:def:18448
Title:	DSA-1367-1 krb5 - arbitrary code execution
Description:	It was discovered that a buffer overflow of the RPC library of the MIT Kerberos reference implementation allows the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1367-1 CVE-2007-3999	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	krb5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND krb5 DPKG is earlier than 1.4.4-7etch4

Definition Id: oval:org.mitre.oval:def:20350

Oval ID:	oval:org.mitre.oval:def:20350
Title:	DSA-1368-1 librpcsecgss - arbitrary code execution
Description:	It was discovered that a buffer overflow of the library for secure RPC communication over the rpcsec_gss protocol allows the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1368-1 CVE-2007-3999	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	librpcsecgss
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND librpcsecgss DPKG is earlier than 0:0.14-2etch1

Definition Id: oval:org.mitre.oval:def:3162

Oval ID:	oval:org.mitre.oval:def:3162
Title:	Security Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))
Description:	Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3999	Version:	1
Platform(s):	Sun Solaris 8 Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 8 (SPARC) meets Sun Alert 103060 Solaris 8 (SPARC) is installed AND NOT Patch 126928-02 or later installed AND Key Distribution Center (kadmind) process running OR Solaris 9 (SPARC) meets Sun Alert 103060 Solaris 9 (SPARC) is installed AND NOT Patch 113318-32 or later installed AND Key Distribution Center (kadmind) process running OR Solaris 10 (SPARC) meets Sun Alert 103060 Solaris 10 (SPARC) is installed AND NOT Patch 126661-02 or later installed AND Key Distribution Center (kadmind) process running OR Solaris 8 (x86) meets Sun Alert 103060 Solaris 8 (x86) is installed AND NOT Patch 126929-02 or later installed AND Key Distribution Center (kadmind) process running OR Solaris 9 (x86) meets Sun Alert 103060 Solaris 9 (x86) is installed AND NOT Patch 117468-18 or later installed AND Key Distribution Center (kadmind) process running OR Solaris 10 (x86) meets Sun Alert 103060 Solaris 10 (x86) is installed AND NOT Patch 126662-02 or later installed AND Key Distribution Center (kadmind) process running

Definition Id: oval:org.mitre.oval:def:9379

Oval ID:	oval:org.mitre.oval:def:9379
Title:	Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Description:	Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3999	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section nfs-utils-lib-devel is earlier than 0:1.0.6-8.z1 AND nfs-utils-lib is earlier than 0:1.0.6-8.z1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section nfs-utils-lib-devel is earlier than 0:1.0.8-7.2.z2 AND nfs-utils-lib is earlier than 0:1.0.8-7.2.z2 AND krb5-workstation is earlier than 0:1.5-29 AND krb5 is earlier than 0:1.5-29 AND krb5-libs is earlier than 0:1.5-29 AND krb5-server is earlier than 0:1.5-29 AND krb5-devel is earlier than 0:1.5-29

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mit Kerberos 5 cpe:2.3:a:mit:kerberos_5:1.6.2:::::::* cpe:2.3:a:mit:kerberos_5:1.6.1:::::::* cpe:2.3:a:mit:kerberos_5:1.6:::::::* cpe:2.3:a:mit:kerberos_5:1.5.3:::::::* cpe:2.3:a:mit:kerberos_5:1.5.2:::::::* cpe:2.3:a:mit:kerberos_5:1.5.1:::::::* cpe:2.3:a:mit:kerberos_5:1.5:::::::* cpe:2.3:a:mit:kerberos_5:1.4.4:::::::* cpe:2.3:a:mit:kerberos_5:1.4.3:::::::* cpe:2.3:a:mit:kerberos_5:1.4.2:::::::* cpe:2.3:a:mit:kerberos_5:1.4.1:::::::* cpe:2.3:a:mit:kerberos_5:1.4:::::::*	12

SAINT Exploits

Description	Link
MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow	More info here

OpenVAS Exploits

Date	Description
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-13	Name : SLES10: Security update for librpcsecgss File : nvt/sles10_librpcsecgss.nasl
2009-06-03	Name : Solaris Update for rpcsec_gss 126929-02 File : nvt/gb_solaris_126929_02.nasl
2009-06-03	Name : Solaris Update for rpcsec_gss 126928-02 File : nvt/gb_solaris_126928_02.nasl
2009-04-09	Name : Mandriva Update for krb5 MDKSA-2007:174 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174.nasl
2009-04-09	Name : Mandriva Update for librpcsecgss MDKSA-2007:181 (librpcsecgss) File : nvt/gb_mandriva_MDKSA_2007_181.nasl
2009-04-09	Name : Mandriva Update for krb5 MDKSA-2007:174-1 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174_1.nasl
2009-03-23	Name : Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1 File : nvt/gb_ubuntu_USN_511_1.nasl
2009-03-23	Name : Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-2 File : nvt/gb_ubuntu_USN_511_2.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-694 File : nvt/gb_fedora_2007_694_krb5_fc6.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-690 File : nvt/gb_fedora_2007_690_krb5_fc6.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-2066 File : nvt/gb_fedora_2007_2066_krb5_fc7.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-2017 File : nvt/gb_fedora_2007_2017_krb5_fc7.nasl
2009-02-16	Name : Fedora Update for libtirpc FEDORA-2008-1017 File : nvt/gb_fedora_2008_1017_libtirpc_fc8.nasl
2009-02-16	Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200709-01 (mit-krb5) File : nvt/glsa_200709_01.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200710-01 (librcpsecgss) File : nvt/glsa_200710_01.nasl
2008-01-17	Name : Debian Security Advisory DSA 1367-1 (krb5) File : nvt/deb_1367_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1387-1 (librpcsecgss) File : nvt/deb_1387_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1368-1 (librpcsecgss) File : nvt/deb_1368_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1367-2 (krb5) File : nvt/deb_1367_2.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
37324	MIT Kerberos 5 RPCSEC_GSS RPC Library (librpcsecgss) lib/rpc/svc_auth_gss.c s...

Snort® IPS/IDS

Date	Description
2014-01-10	MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt RuleID : 12424 - Revision : 11 - Type : PROTOCOL-RPC

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0951.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0913.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0892.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0858.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071004_nfs_utils_lib_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070919_nfs_utils_lib_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070904_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0892.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0951.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO
2008-03-07	Name : The remote Fedora host is missing a security update. File : fedora_2008-1017.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_librpcsecgss-4601.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4192.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4249.nasl - Type : ACT_GATHER_INFO
2007-11-14	Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_11.nasl - Type : ACT_GATHER_INFO
2007-11-12	Name : The remote openSUSE host is missing a security update. File : suse_librpcsecgss-4600.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-511-2.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-511-1.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-2017.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-2066.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1387.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_krb5-4248.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_krb5-4191.nasl - Type : ACT_GATHER_INFO
2007-10-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-01.nasl - Type : ACT_GATHER_INFO
2007-10-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0951.nasl - Type : ACT_GATHER_INFO
2007-09-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0913.nasl - Type : ACT_GATHER_INFO
2007-09-24	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0913.nasl - Type : ACT_GATHER_INFO
2007-09-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0892.nasl - Type : ACT_GATHER_INFO
2007-09-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1368.nasl - Type : ACT_GATHER_INFO
2007-09-14	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-181.nasl - Type : ACT_GATHER_INFO
2007-09-14	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-01.nasl - Type : ACT_GATHER_INFO
2007-09-14	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-694.nasl - Type : ACT_GATHER_INFO
2007-09-07	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-174.nasl - Type : ACT_GATHER_INFO
2007-09-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO
2007-09-05	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1367.nasl - Type : ACT_GATHER_INFO
2007-09-05	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-690.nasl - Type : ACT_GATHER_INFO
2007-07-02	Name : The remote host is missing Sun Security Patch number 126928-02 File : solaris8_126928.nasl - Type : ACT_GATHER_INFO
2007-07-02	Name : The remote host is missing Sun Security Patch number 126929-02 File : solaris8_x86_126929.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:16:23	Multiple Updates
2024-11-28 12:13:03	Multiple Updates
2021-05-04 12:06:11	Multiple Updates
2021-04-22 01:06:44	Multiple Updates
2020-05-23 00:20:12	Multiple Updates
2018-10-16 00:19:11	Multiple Updates
2017-09-29 09:23:09	Multiple Updates
2017-07-29 12:02:25	Multiple Updates
2016-04-26 16:25:00	Multiple Updates
2014-02-17 10:41:07	Multiple Updates
2014-01-19 21:24:21	Multiple Updates
2013-05-11 10:32:32	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	6
CPE ID(s)	12
Sources(s)	62
Saint Exploit(s)	1
osvdb(s)	1
Openvas Exploit(s)	21
Snort® Rule(s)	1
Nessus® Exploit(s)	38

	Related
10	VU#883632
10	USN-511-1
10	SUN-103060
10	RHSA-2007:0951
10	RHSA-2007:0913
10	RHSA-2007:0892
10	RHSA-2007:0858
10	MDKSA-2007:181
10	MDKSA-2007:174-1
10	MDKSA-2007:174
10	GLSA-200710-01
10	GLSA-200709-01
10	DSA-1387
10	DSA-1368
10	DSA-1367
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 15 more Alert(s)