HP Security Bulletin - Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
74962b06b4a33ce0a59c0eac814963277e24f8113b42042b84eecfd2ac0c3973
VMware Security Advisory - Updates have been released for arbitrary code execution, denial of service, and other various vulnerabilities in VMware.
f186f94a09bad9dba4b82b1daa59265b1954d193e8533587d0fe2348c1f58bec
Gentoo Linux Security Advisory GLSA 200707-11 - kadmind is affected by multiple vulnerabilities in the RPC library shipped with MIT Kerberos 5. It fails to properly handle zero-length RPC credentials (CVE-2007-2442) and the RPC library can write past the end of the stack buffer (CVE-2007-2443). Furthermore kadmind fails to do proper bounds checking (CVE-2007-2798). Versions less than 1.5.2-r3 are affected.
33f574675877e6e34e428ed47ba0d62856a4d1f17a20853263cf9c824e89339f
Mandriva Linux Security Advisory - David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code. David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code. Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code.
6ee203dc438b51c0afd01d5826b729097fcdc9c2dfdd7f7bbb346792c992045f
Debian Security Advisory 1323-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.
59002f1f82964dfb79caa492994de6039dfa2f2cf4ccefbb3b58bbd0d0ec3c72
Ubuntu Security Notice 477-1 - Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.
a591496553000b28a37044bc3cf9fd441d414c58b1c93947c17cb964670cd2d1
iDefense Security Advisory 06.26.07 - Remote exploitation of a buffer overflow vulnerability within MIT Kerberos kadmind allows attackers to execute arbitrary code with the privileges of the running service, usually root. The vulnerability specifically exists within the code responsible for handling requests to rename principals. The rename_principal_2_svc function fails to properly bounds-check user-supplied data before copying it to a fixed-size stack buffer. The vulnerable code is shown below. iDefense confirmed the existence of this vulnerability within MIT Kerberos 1.5-21 as distributed with the Fedora CORE 6 Linux distribution. It has also been confirmed via source code review to exist in version 1.5.3 and version 1.6.1. All other distributions, as well as those for other computing platforms are suspected to be vulnerable.
be5f0849e7f1bf120b8913f668f5393a0b1f9c0b40b5028210fa1f9f8539974d
MIT krb5 Security Advisory 2007-005 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow.
5915f86c61c9564dc34aa5cb655f913b024147f3860c66cbc95b45eba5a08091