Vulnerability Details : CVE-2007-3999

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Publish Date : 2007-09-05 Last Update Date : 2018-10-15

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	10.0
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute CodeOverflow
CWE ID	119

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	important			2007-08-03	2007-09-04

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
CVE-2007-3999	oval:org.opensuse.security:def:20073999	unix
DSA-1367-1 krb5 - arbitrary code execution	oval:org.mitre.oval:def:18448	unix
DSA-1368-1 librpcsecgss - arbitrary code execution	oval:org.mitre.oval:def:20350	unix
DSA-1387-1 librpcsecgss	oval:org.mitre.oval:def:18022	unix
ELSA-2007:0858: krb5 security update (Important)	oval:org.mitre.oval:def:22682	unix
ELSA-2007:0951: nfs-utils-lib security update (Important)	oval:org.mitre.oval:def:22280	unix
RHSA-2007:0858: krb5 security update (Important)	oval:com.redhat.rhsa:def:20070858	unix
RHSA-2007:0913: nfs-utils-lib security update (Important)	oval:com.redhat.rhsa:def:20070913	unix
RHSA-2007:0951: nfs-utils-lib security update (Important)	oval:com.redhat.rhsa:def:20070951	unix
Security Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))	oval:org.mitre.oval:def:3162	unix
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library...	oval:org.mitre.oval:def:9379	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2007-3999

#	Product Type	Vendor	Product	Version
1	Application	MIT	Kerberos	5-1.4	Version Details Vulnerabilities
2	Application	MIT	Kerberos	5-1.4.1	Version Details Vulnerabilities
3	Application	MIT	Kerberos	5-1.4.2	Version Details Vulnerabilities
4	Application	MIT	Kerberos	5-1.4.3	Version Details Vulnerabilities
5	Application	MIT	Kerberos	5-1.4.4	Version Details Vulnerabilities
6	Application	MIT	Kerberos	5-1.5	Version Details Vulnerabilities
7	Application	MIT	Kerberos	5-1.5.1	Version Details Vulnerabilities
8	Application	MIT	Kerberos	5-1.5.2	Version Details Vulnerabilities
9	Application	MIT	Kerberos	5-1.5.3	Version Details Vulnerabilities
10	Application	MIT	Kerberos	5-1.6	Version Details Vulnerabilities
11	Application	MIT	Kerberos	5-1.6.1	Version Details Vulnerabilities
12	Application	MIT	Kerberos	5-1.6.2	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
MIT	Kerberos	12

- References For CVE-2007-3999

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html
FEDORA FEDORA-2007-2017

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html
FEDORA FEDORA-2008-1017

https://exchange.xforce.ibmcloud.com/vulnerabilities/36437
XF kerberos-rpcsecgss-bo(36437)

https://bugzilla.redhat.com/show_bug.cgi?id=250973

http://www.zerodayinitiative.com/advisories/ZDI-07-052.html

http://www.vupen.com/english/advisories/2008/0803/references
VUPEN ADV-2008-0803

http://www.vupen.com/english/advisories/2007/3868
VUPEN ADV-2007-3868

http://www.vupen.com/english/advisories/2007/3051
VUPEN ADV-2007-3051

http://www.vupen.com/english/advisories/2007/3052
VUPEN ADV-2007-3052

http://www.vupen.com/english/advisories/2007/3060
VUPEN ADV-2007-3060

http://www.us-cert.gov/cas/techalerts/TA07-319A.html
CERT TA07-319A

http://www.securityfocus.com/bid/26444
BID 26444 Apple Mac OS X v10.4.11 2007-008 Multiple Security Vulnerabilities Release Date:2008-03-18

http://www.securitytracker.com/id?1018647
SECTRACK 1018647

http://www.trustix.org/errata/2007/0026/
TRUSTIX 2007-0026

http://www.ubuntu.com/usn/usn-511-1
UBUNTU USN-511-1

http://www.securityfocus.com/archive/1/478748/100/0/threaded
BUGTRAQ 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

http://www.securityfocus.com/bid/25534
BID 25534 MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability Release Date:2008-03-07

http://www.securityfocus.com/archive/1/479251/100/0/threaded
BUGTRAQ 20070912 ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability

http://www.redhat.com/support/errata/RHSA-2007-0951.html
REDHAT RHSA-2007:0951

http://www.redhat.com/support/errata/RHSA-2007-0913.html
REDHAT RHSA-2007:0913

http://www.redhat.com/support/errata/RHSA-2007-0858.html
REDHAT RHSA-2007:0858

http://www.novell.com/linux/security/advisories/2007_24_sr.html
SUSE SUSE-SR:2007:024

http://www.novell.com/linux/security/advisories/2007_19_sr.html
SUSE SUSE-SR:2007:019

http://www.mandriva.com/security/advisories?name=MDKSA-2007:181
MANDRIVA MDKSA-2007:181

http://www.mandriva.com/security/advisories?name=MDKSA-2007:174
MANDRIVA MDKSA-2007:174

http://www.kb.cert.org/vuls/id/883632
CERT-VN VU#883632

http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
GENTOO GLSA-200709-01

http://www.debian.org/security/2007/dsa-1368
DEBIAN DSA-1368

http://www.debian.org/security/2007/dsa-1367
DEBIAN DSA-1367

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt CONFIRM

http://support.avaya.com/elmodocs2/security/ASA-2007-396.htm CONFIRM

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1
SUNALERT 201319

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1
SUNALERT 103060

http://securityreason.com/securityalert/3092
SREASON 3092

http://security.gentoo.org/glsa/glsa-200710-01.xml
GENTOO GLSA-200710-01

http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html
MLIST [security-announce] 20070906 rPSA-2007-0179-2 krb5 krb5-server krb5-services krb5-test krb5-workstation

http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
APPLE APPLE-SA-2007-11-14

http://docs.info.apple.com/article.html?artnum=307041 CONFIRM

- Metasploit Modules Related To CVE-2007-3999

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)