CVE-2007-3999
Last modified
CVE-2007-3999 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.. EPSS estimates a 10.91% chance of exploitation in the next 30 days.
Description
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mit | Kerberos 5 | 1.4 |
| Mit | Kerberos 5 | 1.4.1 |
| Mit | Kerberos 5 | 1.4.2 |
| Mit | Kerberos 5 | 1.4.3 |
| Mit | Kerberos 5 | 1.4.4 |
| Mit | Kerberos 5 | 1.5 |
| Mit | Kerberos 5 | 1.5.1 |
| Mit | Kerberos 5 | 1.5.2 |
| Mit | Kerberos 5 | 1.5.3 |
| Mit | Kerberos 5 | 1.6 |
| Mit | Kerberos 5 | 1.6.1 |
| Mit | Kerberos 5 | 1.6.2 |
References
- http://secunia.com/advisories/26676Vendor Advisory
- http://secunia.com/advisories/26680Vendor Advisory
- http://secunia.com/advisories/26684Vendor Advisory
- http://secunia.com/advisories/26691Vendor Advisory
- http://secunia.com/advisories/26697Vendor Advisory
- http://secunia.com/advisories/26699Vendor Advisory
- http://secunia.com/advisories/26700Vendor Advisory
- http://secunia.com/advisories/26705Vendor Advisory
- http://secunia.com/advisories/26713Vendor Advisory
- http://secunia.com/advisories/26728Vendor Advisory
- http://secunia.com/advisories/26783Vendor Advisory
- http://secunia.com/advisories/26792Vendor Advisory
- http://secunia.com/advisories/26822Vendor Advisory
- http://secunia.com/advisories/26896Vendor Advisory
- http://secunia.com/advisories/26987Vendor Advisory
- http://secunia.com/advisories/27043Vendor Advisory
- http://secunia.com/advisories/27081Vendor Advisory
- http://secunia.com/advisories/27146Vendor Advisory
- http://secunia.com/advisories/27643Vendor Advisory
- http://www.kb.cert.org/vuls/id/883632US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlUS Government Resource
- http://secunia.com/advisories/26676Vendor Advisory
- http://secunia.com/advisories/26680Vendor Advisory
- http://secunia.com/advisories/26684Vendor Advisory
- http://secunia.com/advisories/26691Vendor Advisory
- http://secunia.com/advisories/26697Vendor Advisory
- http://secunia.com/advisories/26699Vendor Advisory
- http://secunia.com/advisories/26700Vendor Advisory
- http://secunia.com/advisories/26705Vendor Advisory
- http://secunia.com/advisories/26713Vendor Advisory
- http://secunia.com/advisories/26728Vendor Advisory
- http://secunia.com/advisories/26783Vendor Advisory
- http://secunia.com/advisories/26792Vendor Advisory
- http://secunia.com/advisories/26822Vendor Advisory
- http://secunia.com/advisories/26896Vendor Advisory
- http://secunia.com/advisories/26987Vendor Advisory
- http://secunia.com/advisories/27043Vendor Advisory
- http://secunia.com/advisories/27081Vendor Advisory
- http://secunia.com/advisories/27146Vendor Advisory
- http://secunia.com/advisories/27643Vendor Advisory
- http://www.kb.cert.org/vuls/id/883632US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-3999?
How severe is CVE-2007-3999?
How do I fix CVE-2007-3999?
Are you affected by CVE-2007-3999?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST