Vulnerability Details : CVE-2007-3999
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2007-3999
- cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3999
29.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-3999
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2007-3999
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-3999
-
http://www.novell.com/linux/security/advisories/2007_19_sr.html
404 Page Not Found | SUSE
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9379
404 Not Found
-
http://www.redhat.com/support/errata/RHSA-2007-0951.html
Support
-
http://secunia.com/advisories/26987
About Secunia Research | FlexeraVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:181
Mandriva
-
http://securityreason.com/securityalert/3092
MIT krb5 Security Advisory 2007-006 - CXSecurity.com
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36437
Kerberos kadmind svcauth_gss_validate buffer overflow CVE-2007-4743 Vulnerability Report
-
http://www.kb.cert.org/vuls/id/883632
VU#883632 - MIT Kerberos 5 kadmind buffer overflow vulnerabilityUS Government Resource
-
http://www.redhat.com/support/errata/RHSA-2007-0913.html
Support
-
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Page Not Found | CISAUS Government Resource
-
http://www.securitytracker.com/id?1018647
-
http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
MIT Kerberos 5: Multiple vulnerabilities (GLSA 200709-01) — Gentoo security
-
http://www.securityfocus.com/archive/1/479251/100/0/threaded
-
http://secunia.com/advisories/26699
About Secunia Research | FlexeraVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3162
404 Not Found
-
http://www.zerodayinitiative.com/advisories/ZDI-07-052.html
ZDI-07-052 | Zero Day Initiative
-
http://support.avaya.com/elmodocs2/security/ASA-2007-396.htm
ASA-2007-396 (RHSA-2007-0913)
-
http://www.securityfocus.com/archive/1/478748/100/0/threaded
-
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html
[SECURITY] Fedora 8 Update: libtirpc-0.1.7-15.fc8
-
http://www.vupen.com/english/advisories/2007/3052
Site en construction
-
http://secunia.com/advisories/26700
About Secunia Research | FlexeraVendor Advisory
-
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt
-
http://www.vupen.com/english/advisories/2007/3060
Site en construction
-
http://security.gentoo.org/glsa/glsa-200710-01.xml
RPCSEC_GSS library: Buffer overflow (GLSA 200710-01) — Gentoo security
-
http://secunia.com/advisories/26783
About Secunia Research | FlexeraVendor Advisory
-
http://www.trustix.org/errata/2007/0026/
Trustix | Empowering Trust and Security in the Digital Age
-
http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html
-
https://bugzilla.redhat.com/show_bug.cgi?id=250973
250973 – (CVE-2007-3999) CVE-2007-3999 krb5 RPC library buffer overflow
-
http://secunia.com/advisories/29270
About Secunia Research | Flexera
-
http://www.debian.org/security/2007/dsa-1368
[SECURITY] [DSA 1368-1] New librpcsecgss packages fix arbitrary code execution
-
http://secunia.com/advisories/26713
About Secunia Research | FlexeraVendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html
[SECURITY] Fedora 7 Update: krb5-1.6.1-3.fc7
-
http://www.debian.org/security/2007/dsa-1367
[SECURITY] [DSA 1367-1] New krb5 packages fix arbitrary code execution
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1
-
http://www.vupen.com/english/advisories/2007/3868
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securityfocus.com/bid/25534
-
http://secunia.com/advisories/26705
About Secunia Research | FlexeraVendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2007-0858.html
Support
-
http://secunia.com/advisories/26822
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/26697
About Secunia Research | FlexeraVendor Advisory
-
http://www.vupen.com/english/advisories/2007/3051
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://secunia.com/advisories/27643
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/26691
About Secunia Research | FlexeraVendor Advisory
-
http://www.securityfocus.com/bid/26444
-
http://secunia.com/advisories/29247
About Secunia Research | Flexera
-
http://secunia.com/advisories/26680
About Secunia Research | FlexeraVendor Advisory
-
http://www.vupen.com/english/advisories/2008/0803/references
Site en construction
-
http://www.ubuntu.com/usn/usn-511-1
USN-511-1: Kerberos vulnerability | Ubuntu security notices | Ubuntu
-
http://secunia.com/advisories/26896
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/27043
About Secunia Research | FlexeraVendor Advisory
-
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
-
http://secunia.com/advisories/27756
About Secunia Research | Flexera
-
http://secunia.com/advisories/26792
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/26684
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/26728
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/27146
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/26676
About Secunia Research | FlexeraVendor Advisory
-
http://www.novell.com/linux/security/advisories/2007_24_sr.html
Security - Support | SUSE
-
http://secunia.com/advisories/27081
About Secunia Research | FlexeraVendor Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1
-
http://docs.info.apple.com/article.html?artnum=307041
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:174
Advisories | Mandriva
Jump to