CVE-2007-2443 — Kerberos 5 vulnerability

8 documents8 sources

Severity

8.3HIGHNVD

EPSS

32.3%

top 3.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5 Canonical Ubuntu Linux +1 more

Timeline

PublishedJun 26

Latest updateMay 3

Description

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages2 packages

▶Debianmit/krb5< 1.6.dfsg.1-5+3

▶NVDmit/kerberos_51.6.1

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 6.06, 6.10, 7.04

Patches

Patch: web.mit.edu ↗Patch: web.mit.edu ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-59m5-fjcv-54hx: Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix↗2022-05-03

▶

CVEList

CVE-2007-2443: Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix↗2007-06-26

▶

OSV

CVE-2007-2443: Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix↗2007-06-26

▶

📋Vendor Advisories

Ubuntu

krb5 vulnerabilities↗2007-06-27

▶

Red Hat

krb5 RPC library stack overflow↗2007-06-26

▶

Debian

CVE-2007-2443: krb5 - Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c...↗2007

▶

💬Community

Bugzilla

CVE-2007-2443 krb5 RPC library stack overflow↗2007-06-25

▶