Executive Summary
Summary | |
---|---|
Title | MIT Kerberos 5 kadmind buffer overflow vulnerability |
Informations | |||
---|---|---|---|
Name | VU#883632 | First vendor Publication | 2007-09-04 |
Vendor | VU-CERT | Last vendor Modification | 2007-10-26 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#883632MIT Kerberos 5 kadmind buffer overflow vulnerabilityOverviewAn unspecified vulnerability in MIT Kerberos kadmind server may allow an attacker to execute arbitrary code.I. DescriptionKerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions. The kadmind daemon is the administration server that runs on the master Kerberos server.From the kadmind manual page:
Note that per MITKRB5-SA-2007-006, versions of kerberos prior to krb5-1.5 are not affected. II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code.III. SolutionUpdateThe Kerberos team has released an update to address this issue. Please see MITKRB5-SA-2007-006 for more information on obtaining fixed software.
References
Thanks to the MIT Kerberos team for information that was used in this report. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/883632 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17654 | |||
Oval ID: | oval:org.mitre.oval:def:17654 | ||
Title: | USN-511-1 -- krb5, librpcsecgss vulnerability | ||
Description: | It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-511-1 CVE-2007-3999 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | krb5 librpcsecgss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18022 | |||
Oval ID: | oval:org.mitre.oval:def:18022 | ||
Title: | DSA-1387-1 librpcsecgss | ||
Description: | It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (<a href="http://security-tracker.debian.org/tracker/CVE-2007-3999">CVE-2007-3999</a>, <a href="dsa-1368">DSA-1368-1</a>) was insufficient to protect from arbitrary code execution in some environments. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1387-1 CVE-2007-4743 CVE-2007-3999 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | librpcsecgss |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18448 | |||
Oval ID: | oval:org.mitre.oval:def:18448 | ||
Title: | DSA-1367-1 krb5 - arbitrary code execution | ||
Description: | It was discovered that a buffer overflow of the RPC library of the MIT Kerberos reference implementation allows the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1367-1 CVE-2007-3999 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20350 | |||
Oval ID: | oval:org.mitre.oval:def:20350 | ||
Title: | DSA-1368-1 librpcsecgss - arbitrary code execution | ||
Description: | It was discovered that a buffer overflow of the library for secure RPC communication over the rpcsec_gss protocol allows the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1368-1 CVE-2007-3999 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | librpcsecgss |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:3162 | |||
Oval ID: | oval:org.mitre.oval:def:3162 | ||
Title: | Security Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M)) | ||
Description: | Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3999 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9379 | |||
Oval ID: | oval:org.mitre.oval:def:9379 | ||
Title: | Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. | ||
Description: | Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3999 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for librpcsecgss File : nvt/sles10_librpcsecgss.nasl |
2009-06-03 | Name : Solaris Update for rpcsec_gss 126929-02 File : nvt/gb_solaris_126929_02.nasl |
2009-06-03 | Name : Solaris Update for rpcsec_gss 126928-02 File : nvt/gb_solaris_126928_02.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:174 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174.nasl |
2009-04-09 | Name : Mandriva Update for librpcsecgss MDKSA-2007:181 (librpcsecgss) File : nvt/gb_mandriva_MDKSA_2007_181.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:174-1 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174_1.nasl |
2009-03-23 | Name : Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1 File : nvt/gb_ubuntu_USN_511_1.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-694 File : nvt/gb_fedora_2007_694_krb5_fc6.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-690 File : nvt/gb_fedora_2007_690_krb5_fc6.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2066 File : nvt/gb_fedora_2007_2066_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2017 File : nvt/gb_fedora_2007_2017_krb5_fc7.nasl |
2009-02-16 | Name : Fedora Update for libtirpc FEDORA-2008-1017 File : nvt/gb_fedora_2008_1017_libtirpc_fc8.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-01 (mit-krb5) File : nvt/glsa_200709_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-01 (librcpsecgss) File : nvt/glsa_200710_01.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1367-1 (krb5) File : nvt/deb_1367_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1387-1 (librpcsecgss) File : nvt/deb_1387_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1368-1 (librpcsecgss) File : nvt/deb_1368_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1367-2 (krb5) File : nvt/deb_1367_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37324 | MIT Kerberos 5 RPCSEC_GSS RPC Library (librpcsecgss) lib/rpc/svc_auth_gss.c s... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt RuleID : 12424 - Revision : 11 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0951.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0913.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0892.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071004_nfs_utils_lib_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070919_nfs_utils_lib_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070904_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0892.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0951.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1017.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_librpcsecgss-4601.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4249.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4192.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_11.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote openSUSE host is missing a security update. File : suse_librpcsecgss-4600.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-511-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2017.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2066.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1387.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-4191.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-4248.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-01.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0951.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0913.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0913.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0892.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1368.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-181.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-01.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-694.nasl - Type : ACT_GATHER_INFO |
2007-09-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-174.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1367.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-690.nasl - Type : ACT_GATHER_INFO |
2007-07-02 | Name : The remote host is missing Sun Security Patch number 126928-02 File : solaris8_126928.nasl - Type : ACT_GATHER_INFO |
2007-07-02 | Name : The remote host is missing Sun Security Patch number 126929-02 File : solaris8_x86_126929.nasl - Type : ACT_GATHER_INFO |