CVE-2007-3999
published 2007-09-06


Priority: P349
CVSS 2.0: 10 (critical), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 10.91% (95.3th percentile)
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

Affected

17 ranges
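| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.6.dfsg.1-7 (bookworm) | krb5 1.6.dfsg.1-7 (bookworm) |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | krb5 | >= 0 < 1.6.dfsg.1-7 | 1.6.dfsg.1-7 |
| mit | krb5 | >= 0 < 1.6.dfsg.1-7 | 1.6.dfsg.1-7 |
| mit | krb5 | >= 0 < 1.6.dfsg.1-7 | 1.6.dfsg.1-7 |
| mit | krb5 | >= 0 < 1.6.dfsg.1-7 | 1.6.dfsg.1-7 |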

Detection & IOCs (extracted from sources)

  • The vulnerable function is `svcauth_gss_validate` in `lib/rpc/svc_auth_gss.c` (librpcsecgss). A stack-based buffer overflow is triggered via a long string in an RPC message targeting the RPCSEC_GSS RPC library used by kadmind.
  • The attack vector is unauthenticated — no valid Kerberos credentials are required. Monitor for anomalously large RPCSEC_GSS RPC packets arriving at kadmind (default port 749/tcp) from unauthenticated sources.
  • The vulnerability affects not only kadmind but also third-party applications that link against librpcsecgss/krb5. Any such application accepting RPC connections should be treated as potentially exposed.

CVSS provenance

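| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | HIGH | |
| vendor_redhat | | 10.0 | CRITICAL | |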