Vulnerability Details : CVE-2007-4743
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2007-4743
Probability of exploitation activity in the next 30 days: 92.21%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-4743
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2007-4743
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4743
-
http://www.novell.com/linux/security/advisories/2007_19_sr.html
404 Page Not Found | SUSE
-
http://www.ubuntu.com/usn/usn-511-2
-
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Page Not Found | CISAUS Government Resource
-
http://www.redhat.com/support/errata/RHSA-2007-0892.html
- http://www.securityfocus.com/archive/1/478748/100/0/threaded
-
http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
Patch
-
http://www.debian.org/security/2007/dsa-1387
-
http://www.vupen.com/english/advisories/2007/3868
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- http://www.securityfocus.com/bid/26444
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
- https://issues.rpath.com/browse/RPL-1696
- http://www.securityfocus.com/archive/1/478794/100/0/threaded
- http://docs.info.apple.com/article.html?artnum=307041
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239
Products affected by CVE-2007-4743
- cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*