CVE-2007-2798

 

Published at: - 27-06-2007 12:30

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:C/I:C/A:C

 

Verification logic

 

Reference

• 20070626 Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability-Broken Link
• TA07-177A-Third Party Advisory, US Government Resource
• VU#554257-Patch, Third Party Advisory, US Government Resource
• 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player-Third Party Advisory
• http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt
• https://issues.rpath.com/browse/RPL-1499
• https://secure-support.novell.com/KanisaPlatform/Publishing/327/3675615_f.SAL_Public.html
• http://docs.info.apple.com/article.html?artnum=306172
• APPLE-SA-2007-07-31-Mailing List, Third Party Advisory
• DSA-1323-Third Party Advisory
• GLSA-200707-11-Third Party Advisory
• MDKSA-2007:137-Third Party Advisory
• RHSA-2007:0384-Third Party Advisory
• RHSA-2007:0562-Third Party Advisory
• 20070602-01-P-Broken Link
• 102985-Broken Link
• SUSE-SA:2007:038-Broken Link
• 2007-0021-Broken Link
• USN-477-1-Third Party Advisory
• 24653-Third Party Advisory, VDB Entry
• 25159-Third Party Advisory, VDB Entry
• 1018295-Third Party Advisory, VDB Entry
• 25821-Third Party Advisory
• 25870-Third Party Advisory
• 25875-Third Party Advisory
• 25890-Third Party Advisory
• 25894-Third Party Advisory
• 25800-Third Party Advisory
• 25801-Third Party Advisory
• 25814-Third Party Advisory
• 25888-Third Party Advisory
• 25911-Third Party Advisory
• 26228-Third Party Advisory
• 26235-Third Party Advisory
• 26033-Third Party Advisory
• 26909-Third Party Advisory
• 27706-Third Party Advisory
• ADV-2010-1574-Third Party Advisory
• 40346-Third Party Advisory
• SSRT100107-Broken Link
• ADV-2007-3229-Third Party Advisory
• ADV-2007-2370-Third Party Advisory
• ADV-2007-2491-Third Party Advisory
• ADV-2007-2732-Third Party Advisory
• ADV-2007-2337-Third Party Advisory
• 36595-Broken Link
• kerberos-renameprincipal2svc-bo(35080)-Third Party Advisory, VDB Entry
• oval:org.mitre.oval:def:9996-Third Party Advisory
• oval:org.mitre.oval:def:7550-Broken Link, Third Party Advisory
• oval:org.mitre.oval:def:1726-Broken Link, Third Party Advisory
• 20070629 TSLSA-2007-0021 - kerberos5-Third Party Advisory, VDB Entry
• 20070628 FLEA-2007-0029-1: krb5 krb5-workstation-Third Party Advisory, VDB Entry
• 20070626 MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2007-2798

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures