CVE-2007-4743
published 2007-09-06
Priority P341 · critical · 10 (CVSS 2.0) · AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 4.61% (90.5th percentile)
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.6.dfsg.1-7 (bookworm) | krb5 1.6.dfsg.1-7 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.6.dfsg.1-7 | 1.6.dfsg.1-7 |
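CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | HIGH | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |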
Ubuntu
Kerberos vulnerability
vendor_ubuntu·2007-09-07
CVE-2007-4743 Kerberos vulnerability
Title: Kerberos vulnerability
Summary: Kerberos vulnerability
USN-511-1 fixed vulnerabilities in krb5 and librpcsecgss. The fixes were
incomplete, and only reduced the scope of the vulnerability, without fully
solving it. This update fixes the problem.
Original advisory details:
It was discovered that the libraries handling RPCSEC_GSS did not correctly
validate the size of certain packet structures. An unauthenticated remote
user could send a specially crafted request and execute arbitrary code
with root privileges.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
krb5 incomplete fix for CVE-2007-3999
vendor_redhat·2007-09-05·CVSS 10.0
CVE-2007-4743 [CRITICAL] krb5 incomplete fix for CVE-2007-3999
Debian
CVE-2007-4743: krb5 - The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC lib...
vendor_debian·2007·CVSS 10.0
CVE-2007-4743 [CRITICAL] CVE-2007-4743: krb5 - The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC lib...
Scope: local
bookworm: resolved (fixed in 1.6.dfsg.1-7)
bullseye: resolved (fixed in 1.6.dfsg.1-7)
forky: resolved (fixed in 1.6.dfsg.1-7)
sid: resolved (fixed in 1.6.dfsg.1-7)
trixie: resolved (fixed in 1.6.dfsg.1-7)
GHSA
GHSA-2pm5-h4rp-cjq3: The original patch for CVE-2007-3999 in svc_auth_gss
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2007-4743 [CRITICAL] CWE-119 GHSA-2pm5-h4rp-cjq3: The original patch for CVE-2007-3999 in svc_auth_gss
OSV
CVE-2007-4743: The original patch for CVE-2007-3999 in svc_auth_gss
osv·2007-09-06·CVSS 10.0
CVE-2007-4743 [CRITICAL] CVE-2007-4743: The original patch for CVE-2007-3999 in svc_auth_gss
No detection rules found.
No public exploits indexed.
References
http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://secunia.com/advisories/26699
http://secunia.com/advisories/26987
http://secunia.com/advisories/27643
http://www.debian.org/security/2007/dsa-1387
http://www.novell.com/linux/security/advisories/2007_19_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0892.html
http://www.securityfocus.com/archive/1/478748/100/0/threaded
http://www.securityfocus.com/archive/1/478794/100/0/threaded
http://www.securityfocus.com/bid/26444
http://www.ubuntu.com/usn/usn-511-2
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
http://www.vupen.com/english/advisories/2007/3868
https://issues.rpath.com/browse/RPL-1696
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239
Published: 2007-09-06