Vulnerability Details : CVE-2007-4743
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
Vulnerability category: Overflow
Products affected by CVE-2007-4743
- cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4743
51.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4743
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2007-4743
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4743
-
http://www.novell.com/linux/security/advisories/2007_19_sr.html
404 Page Not Found | SUSE
-
http://www.ubuntu.com/usn/usn-511-2
USN-511-2: Kerberos vulnerability | Ubuntu security notices | Ubuntu
-
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Page Not Found | CISAUS Government Resource
-
http://www.redhat.com/support/errata/RHSA-2007-0892.html
Support
-
http://www.securityfocus.com/archive/1/478748/100/0/threaded
-
http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
Patch
-
http://www.debian.org/security/2007/dsa-1387
[SECURITY] [DSA 1387-1] New librpcsecgss packages fix arbitrary code execution
-
http://www.vupen.com/english/advisories/2007/3868
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securityfocus.com/bid/26444
-
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
-
https://issues.rpath.com/browse/RPL-1696
-
http://www.securityfocus.com/archive/1/478794/100/0/threaded
-
http://docs.info.apple.com/article.html?artnum=307041
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239
404 Not Found
Jump to