CVE-2007-4743 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kerberos 5

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

10.0CRITICALNVD

EPSS

19.6%

top 4.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedSep 6

Latest updateMay 1

Description

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianmit/krb5< 1.6.dfsg.1-7+3

▶NVDmit/kerberos_512 versions+11

Patches

Patch: article.gmane.org ↗Patch: article.gmane.org ↗

🔴Vulnerability Details

GHSA

GHSA-2pm5-h4rp-cjq3: The original patch for CVE-2007-3999 in svc_auth_gss↗2022-05-01

▶

CVEList

CVE-2007-4743: The original patch for CVE-2007-3999 in svc_auth_gss↗2007-09-06

▶

OSV

CVE-2007-4743: The original patch for CVE-2007-3999 in svc_auth_gss↗2007-09-06

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerability↗2007-09-07

▶

Red Hat

krb5 incomplete fix for CVE-2007-3999↗2007-09-05

▶

Debian

CVE-2007-4743: krb5 - The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC lib...↗2007

▶

💬Community

Bugzilla

CVE-2007-4743 krb5 incomplete fix for CVE-2007-3999↗2007-09-06

▶