Executive Summary
Summary | |
---|---|
Title | MIT Kerberos 5 kadmind privilege escalation vulnerability |
Information | |||
---|---|---|---|
Name | VU#377544 | First vendor Publication | 2007-09-04 |
Vendor | VU-CERT | Last vendor Modification | 2007-09-06 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
Vulnerability Note VU#377544
MIT Kerberos 5 kadmind privilege escalation vulnerability
Overview
MIT Kerberos kadmind contains a privilege escalation vulnerability that may allow an authenticated attacker to execute code with root privileges.
I. Description
Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions. The kadmind daemon is the administration server that runs on the master Kerberos server.
From the kadmind manual page:
II. Impact
A local attacker, who has modify policy privileges, may be able to execute arbitrary code with elevated privileges.
III. Solution
Update
The Kerberos team has released an update to address this issue. Please see MITKRB5-SA-2007-006 for more information on obtaining fixed software.
References
Thanks to the MIT Kerberos team for information that was used in this report. This document was written by Ryan Giobbi.
Original Source
Url : http://www.kb.cert.org/vuls/id/377544 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22682 | |||
Oval ID: | oval:org.mitre.oval:def:22682 | ||
Title: | ELSA-2007:0858: krb5 security update (Important) | ||
Description: | The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0858-01 CVE-2007-3999 CVE-2007-4000 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9278 | |||
Oval ID: | oval:org.mitre.oval:def:9278 | ||
Title: | The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | ||
Description: | The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4000 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:174 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:174-1 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174_1.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2017 File : nvt/gb_fedora_2007_2017_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2066 File : nvt/gb_fedora_2007_2066_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-690 File : nvt/gb_fedora_2007_690_krb5_fc6.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-01 (mit-krb5) File : nvt/glsa_200709_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37325 | MIT Kerberos 5 kadmind lib/kadm5/srv/svr_policy.c kadm5_modify_policy_interna... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070904_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4192.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4249.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-511-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2017.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-4191.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-4248.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-01.nasl - Type : ACT_GATHER_INFO |
2007-09-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-174.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-690.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO |