SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   kadmind (please use Kerberos) Vendors:   MIT
(HP Issues Fix for HP-UX) Kerberos kadmind Buffer Overflow in rename_principal_2_svc() Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024147
SecurityTracker URL:  http://securitytracker.com/id/1024147
CVE Reference:   CVE-2007-2798   (Links to External Site)
Date:  Jun 24 2010
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5-1.6.1 and prior versions
Description:   A vulnerability was reported in the krb5 Kerberos administration daemon (kadmind). A remote authenticated user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a buffer overflow in the rename_principal_2_svc() function and execute arbitrary code on the target system. The code will run with the privileges of the target service (typically root privileges).

Authentication is required to exploit this vulnerability, but administrative privileges are not required.

The vendor was notified on May 15, 2007.

iDefense reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   HP has issued a fix.

For Kerberos Web Update (KRB5CLIENT):

B.11.11 (11i v1):

KRB5CLIENT_C.1.3.5.10_HP_UX_B.11.11_32_64.depot or subsequent

B.11.23 (11i v2):

KRB5CLIENT_D.1.6.2.08_HP-UX_B.11.23_IA_PA.depot or subsequent

B.11.31 (11i v3):

KRB5CLIENT_E.1.6.2.08_HP-UX_B.11.31_IA_PA.depot or subsequent

For Kerberos Client Product in Core-OS (KRB5-Client):

B.11.11 (11i v1): PHSS_41166 or subsequent
B.11.23 (11i v2): PHSS_41167 or subsequent
B.11.31 (11i v3): PHSS_41168 or subsequent

The HP advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427

Vendor URL:  web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (HP/UX)
Underlying OS Comments:  B.11.11, B.11.23, B.11.31

Message History:   This archive entry is a follow-up to the message listed below.
Jun 26 2007 Kerberos kadmind Buffer Overflow in rename_principal_2_svc() Lets Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC