
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0892

The remote host is missing updates announced in
advisory RHSA-2007:0892.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC. kadmind is the KADM5 administration

The MIT Kerberos Team discovered a problem with the originally published
patch for svc_auth_gss.c (CVE-2007-3999). A remote unauthenticated
attacker who can access kadmind could trigger this flaw and cause kadmind
to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this
flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE.

This issue did not affect the versions of Kerberos distributed with Red
Hat Enterprise Linux 2.1, 3, or 4.

Users of krb5-server are advised to update to these erratum packages which
contain a corrected backported fix for this issue.

Please note that this update is available via Red Hat Network. To use
Red Hat Network, launch the Red Hat Update Agent with the following
command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-4743
BugTraq ID: 26444
Bugtraq: 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
Bugtraq: 20070907 FLEA-2007-0050-1 krb5 krb5-workstation
Cert/CC Advisory: TA07-319A
Debian Security Information: DSA-1387
SuSE Security Announcement: SUSE-SR:2007:019
Common Vulnerability Exposure (CVE) ID: CVE-2007-3999
BugTraq ID: 25534
Bugtraq: 20070912 ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability
CERT/CC vulnerability note: VU#883632
Debian Security Information: DSA-1367
Debian Security Information: DSA-1368
SuSE Security Announcement: SUSE-SR:2007:024
XForce ISS Database: kerberos-rpcsecgss-bo(36437)

Copyright: Copyright (c) 2007 E-Soft Inc.
