SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   MIT
Kerberos kadmind RPC Library Bugs May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018293
SecurityTracker URL:  http://securitytracker.com/id/1018293
CVE Reference:   CVE-2007-2442, CVE-2007-2443   (Links to External Site)
Date:  Jun 26 2007
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5-1.6.1 and prior versions
Description:   A vulnerability was reported in Kerberos. A remote user may be able to execute arbitrary code on the target system.

A remote user can send specially crafted data to cause the gssrpc__svcauth_gssapi() function in 'src/lib/rpc/svc_auth_gssapi.c' to attempt to free an uninitialized 'creds' parameter [CVE-2007-2442]. This may allow the remote user to execute arbitrary code on the target system with the privileges of the target service (root privileges), or to crash the target service.

A remote user can send specially crafted data to cause the gssrpc__svcauth_unix() function in 'src/lib/rpc/svc_auth_unix.c' to potentially execute arbitrary code.

MIT credits Wei Wang of McAfee Avert Labs with discovering these vulnerabilities.

Impact:   A remote user may be able to execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a patch, available at:

http://web.mit.edu/kerberos/advisories/2007-004-patch.txt

The fix will be included in the upcoming krb5-1.6.2 release and krb5-1.5.4 maintenance release.

The MIT advisory is available at:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt

Vendor URL:  web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 26 2007 (Red Hat Issues Fix) Kerberos kadmind RPC Library Bugs May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Jun 26 2007 (Red Hat Issues Fix) Kerberos kadmind RPC Library Bugs May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 4 and 5.
Jul 3 2007 (Sun Issues Fix for Solaris) Kerberos kadmind RPC Library Bugs May Let Remote Users Execute Arbitrary Code
Sun has issued a fix for Solaris.
Jul 13 2007 (Novell Issues Fix for Novell KDC) Kerberos kadmind RPC Library Bugs May Let Remote Users Execute Arbitrary Code
Novell issues fix for Novell KDC.
Jun 24 2010 (HP Issues Fix for HP-UX) Kerberos kadmind RPC Library Bugs May Let Remote Users Execute Arbitrary Code
HP has issued a fix for HP-UX 11.11, 11.23, and 11.31.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC