SecurityTracker.com
Category:   Application (Security)  >   kadmind (please use Kerberos)
Vendors:   MIT
Kerberos kadmind Buffer Overflow in rename_principal_2_svc() Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018295
SecurityTracker URL:  http://securitytracker.com/id/1018295
CVE Reference:   CVE-2007-2798
Date:  Jun 26 2007
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5-1.6.1 and prior versions
Description:   A vulnerability was reported in the krb5 Kerberos administration daemon (kadmind). A remote authenticated user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a buffer overflow in the rename_principal_2_svc() function and execute arbitrary code on the target system. The code will run with the privileges of the target service (typically root privileges).

Authentication is required to exploit this vulnerability, but administrative privileges are not required.

The vendor was notified on May 15, 2007.

iDefense reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a patch, available at:

http://web.mit.edu/kerberos/advisories/2007-005-patch.txt

The patch requires the MITKRB5-SA-2007-002 patch as a prerequisite and includes that patch. Note that the krb5-1.6.1 and krb5-1.5.3 releases already include the prerequisite patch.

The fix will be included in the upcoming krb5-1.6.2 release and krb5-1.5.4 maintenance release.

The MIT advisory is available at:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt

Vendor URL:  web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 26 2007 (Red Hat Issues Fix) Kerberos kadmind Buffer Overflow in rename_principal_2_svc() Lets Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Jun 26 2007 (Red Hat Issues Fix) Kerberos kadmind Buffer Overflow in rename_principal_2_svc() Lets Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 4 and 5.
Jul 13 2007 (Novell Issues Fix for Novell KDC) Kerberos kadmind Buffer Overflow in rename_principal_2_svc() Lets Remote Users Execute Arbitrary Code
Novell has issued a fix for Novell KDC.
Jun 24 2010 (HP Issues Fix for HP-UX) Kerberos kadmind Buffer Overflow in rename_principal_2_svc() Lets Remote Users Execute Arbitrary Code
HP has issued a fix for HP-UX 11.11, 11.23, and 11.31.




Copyright 2019, SecurityGlobal.net LLC