
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0858

The remote host is missing updates announced in
advisory RHSA-2007:0858.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC. kadmind is the KADM5 administration

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash. On Red Hat
Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary
code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash. (CVE-2007-4000)

These issues did not affect the versions of Kerberos distributed with Red
Hat Enterprise Linux 2.1, 3, or 4.

Users of krb5-server are advised to update to these erratum packages which
contain backported fixes to correct these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor: Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3999
BugTraq ID: 25534
BugTraq ID: 26444
Bugtraq: 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
Bugtraq: 20070912 ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability
CERT/CC Advisory: TA07-319A
CERT/CC vulnerability note: VU#883632
Debian Security Information: DSA-1367
Debian Security Information: DSA-1368
SuSE Security Announcement: SUSE-SR:2007:019
SuSE Security Announcement: SUSE-SR:2007:024
XForce ISS Database: kerberos-rpcsecgss-bo(36437)
Common Vulnerability Exposure (CVE) ID: CVE-2007-4000
BugTraq ID: 25533
Bugtraq: 20070907 FLEA-2007-0050-1 krb5 krb5-workstation
CERT/CC vulnerability note: VU#377544
XForce ISS Database: kerberos-modifypolicy-code-execution(36438)
Copyright (c) 2007 E-Soft Inc.


© 1998-2021 E-Soft Inc. All rights reserved.