Executive Summary
Summary | |
---|---|
Title | Sun Alert 102985 Security Vulnerability in the Kerberos Administration Daemon (kadmind(1M)) May Lead to Arbitrary Code Execution |
Information | |||
---|---|---|---|
Name | SUN-102985 | First vendor Publication | 2007-07-18 |
Vendor | Sun | Last vendor Modification | 2007-08-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.4 | Attack Range | Adjacent network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 4.4 | Authentication | Requires single instance |
Detail
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System. A security vulnerability in the Kerberos administration daemon (kadmind(1M)) may allow a remote authenticated user to execute arbitrary commands on Kerberos Key Distribution Center (KDC) systems with the privileges of the kadmind(1M) daemon (usually root). This issue may also allow the remote user to compromise the Kerberos key database or cause the kadmind(1M) daemon to crash, which is a form of Denial of Service (DoS). This issue is referenced in the following documents: Avoidance: Patch. State: Resolved. First released: 27-Jun-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_102985_security_vulnerability |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1726 | |||
Oval ID: | oval:org.mitre.oval:def:1726 | ||
Title: | Security Vulnerability in the Kerberos Administration Daemon (kadmind(1M)) May Lead to Arbitrary Code Execution | ||
Description: | Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2798 | Version: | 2 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20462 | |||
Oval ID: | oval:org.mitre.oval:def:20462 | ||
Title: | DSA-1323-1 krb5 | ||
Description: | Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1323-1 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22639 | |||
Oval ID: | oval:org.mitre.oval:def:22639 | ||
Title: | ELSA-2007:0562: krb5 security update (Important) | ||
Description: | Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0562-02 CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9996 | |||
Oval ID: | oval:org.mitre.oval:def:9996 | ||
Title: | Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. | ||
Description: | Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2798 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:137 (krb5) File : nvt/gb_mandriva_MDKSA_2007_137.nasl |
2009-03-23 | Name : Ubuntu Update for krb5 vulnerabilities USN-477-1 File : nvt/gb_ubuntu_USN_477_1.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-0740 File : nvt/gb_fedora_2007_0740_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2017 File : nvt/gb_fedora_2007_2017_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2066 File : nvt/gb_fedora_2007_2066_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-620 File : nvt/gb_fedora_2007_620_krb5_fc5.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-621 File : nvt/gb_fedora_2007_621_krb5_fc6.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl |
2009-01-28 | Name : SuSE Update for krb5 SUSE-SA:2007:038 File : nvt/gb_suse_2007_038.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200707-11 (mit-krb5) File : nvt/glsa_200707_11.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1323-1 (krb5) File : nvt/deb_1323_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36595 | MIT Kerberos kadmind rename_principal_2_svc Function Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | portmap 2112 udp rename_principal attempt RuleID : 12188 - Revision : 8 - Type : PROTOCOL-RPC |
2014-01-10 | portmap 2112 tcp rename_principal attempt RuleID : 12187 - Revision : 11 - Type : PROTOCOL-RPC |
2014-01-10 | portmap 2112 udp request RuleID : 12186 - Revision : 9 - Type : PROTOCOL-RPC |
2014-01-10 | portmap 2112 tcp request RuleID : 12185 - Revision : 9 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0562.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0384.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070626_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070626_krb5_on_SL3.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41166.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41167.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41168.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2007-0006.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-3821.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-477-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0740.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-3820.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
2007-07-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200707-11.nasl - Type : ACT_GATHER_INFO |
2007-07-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1323.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-137.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0384.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0562.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0562.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0384.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 112925-08 File : solaris9_112925.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 116044-04 File : solaris9_x86_116044.nasl - Type : ACT_GATHER_INFO |