CVE-2007-4743

Related Files

Debian Linux Security Advisory 1387-1

Posted Oct 15, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1387-1 - It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (DSA-1368-1) was insufficient to protect from arbitrary code execution in some environments.

tags | advisory, overflow, arbitrary, code execution

systems | linux, debian

advisories | CVE-2007-4743, CVE-2007-3999

SHA-256 | 50340db3d4f805bcb3c5658fae5d3bac545c80c6847e50ed51e7ec67dc91cd72

Download | Favorite | View

Mandriva Linux Security Advisory 2007.174

Posted Sep 8, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A stack buffer overflow vulnerability was discovered in the RPC library used by Kerberos' kadmind program by Tenable Network Security. A remote unauthenticated user who could access kadmind would be able to trigger the flaw and cause it to crash. This issue is only applicable to Kerberos 1.4 and higher. Garrett Wollman found an uninitialized pointer vulnerability in kadmind which a remote unauthenticated attacker able to access kadmind could exploit to cause kadmind to crash. This issue is only applicable to Kerberos 1.5 and higher. The MIT Kerberos Team found a problem with the originally published patch for CVE-2007-3999. A remote unauthenticated attacker able to access kadmind could trigger this flaw and cause kadmind to crash.

tags | advisory, remote, overflow

systems | linux, mandriva

advisories | CVE-2007-3999, CVE-2007-4000, CVE-2007-4743

SHA-256 | 419c6d6e4703fc5ed341977474f79acb6d9a9c8398ff622b03be2b6d07615035

Download | Favorite | View