
CVE-2007-2798

Status Candidate

Overview

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

Related Files

HP Security Bulletin HPSBUX02544 SSRT100107
Posted Jun 26, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798, CVE-2010-1321
MD5 | d7ec6c273171108b603677cb0855feb9

VMware Security Advisory 2007-0006
Posted Sep 20, 2007
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates have been released for arbitrary code execution, denial of service, and other various vulnerabilities in VMware.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2007-2446, CVE-2007-2447, CVE-2007-0494, CVE-2007-2442, CVE-2007-2443, CVE-2007-2798, CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4059, CVE-2007-4155, CVE-2007-4496, CVE-2007-4497, CVE-2007-1856, CVE-2006-1174, CVE-2006-4600, CVE-2004-0813, CVE-2007-1716
MD5 | 75a1ac8862ee8690edac336336695646

Gentoo Linux Security Advisory 200707-11
Posted Jul 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200707-11 - kadmind is affected by multiple vulnerabilities in the RPC library shipped with MIT Kerberos 5. It fails to properly handle zero-length RPC credentials (CVE-2007-2442) and the RPC library can write past the end of the stack buffer (CVE-2007-2443). Furthermore kadmind fails to do proper bounds checking (CVE-2007-2798). Versions less than 1.5.2-r3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
MD5 | 7927176b970a80f882fa74621e25724c

Mandriva Linux Security Advisory 2007.137
Posted Jun 30, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code. David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code. Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
MD5 | 2e1a3145902e2c36d59b1688739cdf10

Debian Linux Security Advisory 1323-1
Posted Jun 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1323-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
MD5 | 9675f44fcc9ff2e27cb29ebe574700e6

Ubuntu Security Notice 477-1
Posted Jun 29, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 477-1 - Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
MD5 | 688105ec1e7c951d3c3189647680931f

iDEFENSE Security Advisory 2007-06-26.1
Posted Jun 29, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.26.07 - Remote exploitation of a buffer overflow vulnerability within MIT Kerberos kadmind allows attackers to execute arbitrary code with the privileges of the running service, usually root. The vulnerability specifically exists within the code responsible for handling requests to rename principals. The rename_principal_2_svc function fails to properly bounds-check user-supplied data before copying it to a fixed-size stack buffer. The vulnerable code is shown below. iDefense confirmed the existence of this vulnerability within MIT Kerberos 1.5-21 as distributed with the Fedora CORE 6 Linux distribution. It has also been confirmed via source code review to exist in version 1.5.3 and version 1.6.1. All other distributions, as well as those for other computing platforms, are suspected to be vulnerable.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, fedora
advisories | CVE-2007-2798
MD5 | 0a3aed3cee081a68d9792187e97223c2

MITKRB5-SA-2007-005.txt
Posted Jun 29, 2007
Site web.mit.edu

MIT krb5 Security Advisory 2007-005 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow.

tags | advisory, overflow
advisories | CVE-2007-2798
MD5 | 3b63b81d16f0b2afba7c8a2f903d53f7