CVE-2007-2798 — Out-of-bounds Write in Kerberos 5

CWE-787 — Out-of-bounds Write8 documents8 sources

Severity

9.0CRITICALNVD

EPSS

34.9%

top 2.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5 Canonical Ubuntu Linux +1 more

Timeline

PublishedJun 26

Latest updateMay 3

Description

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmit/kerberos_51.6.1

▶Debianmit/krb5< 1.6.dfsg.1-5+3

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 6.06, 6.10, 7.04

Patches

Patch: web.mit.edu ↗Patch: www.kb.cert.org ↗Patch: web.mit.edu ↗

🔴Vulnerability Details

GHSA

GHSA-hfq9-977x-jj82: Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1↗2022-05-03

▶

CVEList

CVE-2007-2798: Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1↗2007-06-26

▶

OSV

CVE-2007-2798: Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1↗2007-06-26

▶

📋Vendor Advisories

Ubuntu

krb5 vulnerabilities↗2007-06-27

▶

Red Hat

krb5 kadmind buffer overflow↗2007-06-26

▶

Debian

CVE-2007-2798: krb5 - Stack-based buffer overflow in the rename_principal_2_svc function in kadmind fo...↗2007

▶

💬Community

Bugzilla

CVE-2007-2798 krb5 kadmind buffer overflow↗2007-06-25

▶