CVE-2007-3999

Published: Sep 5, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

Reference | Type | Source
GLSA-200709-01 | vendor-advisory | x_refsource_GENTOO
FEDORA-2007-2017 | vendor-advisory | x_refsource_FEDORA
26713 | third-party-advisory | x_refsource_SECUNIA
26822 | third-party-advisory | x_refsource_SECUNIA
27043 | third-party-advisory | x_refsource_SECUNIA
ADV-2008-0803 | vdb-entry | x_refsource_VUPEN
26699 | third-party-advisory | x_refsource_SECUNIA
SUSE-SR:2007:019 | vendor-advisory | x_refsource_SUSE
ADV-2007-3060 | vdb-entry | x_refsource_VUPEN
26680 | third-party-advisory | x_refsource_SECUNIA
26783 | third-party-advisory | x_refsource_SECUNIA
1018647 | vdb-entry | x_refsource_SECTRACK
26444 | vdb-entry | x_refsource_BID
ADV-2007-3051 | vdb-entry | x_refsource_VUPEN
27756 | third-party-advisory | x_refsource_SECUNIA
26684 | third-party-advisory | x_refsource_SECUNIA
DSA-1367 | vendor-advisory | x_refsource_DEBIAN
RHSA-2007:0951 | vendor-advisory | x_refsource_REDHAT
26728 | third-party-advisory | x_refsource_SECUNIA
26700 | third-party-advisory | x_refsource_SECUNIA
oval:org.mitre.oval:def:3162 | vdb-entry, signature | x_refsource_OVAL
26987 | third-party-advisory | x_refsource_SECUNIA
2007-0026 | vendor-advisory | x_refsource_TRUSTIX
26676 | third-party-advisory | x_refsource_SECUNIA
oval:org.mitre.oval:def:9379 | vdb-entry, signature | x_refsource_OVAL
APPLE-SA-2007-11-14 | vendor-advisory | x_refsource_APPLE
USN-511-1 | vendor-advisory | x_refsource_UBUNTU
27081 | third-party-advisory | x_refsource_SECUNIA
SUSE-SR:2007:024 | vendor-advisory | x_refsource_SUSE
29270 | third-party-advisory | x_refsource_SECUNIA
FEDORA-2008-1017 | vendor-advisory | x_refsource_FEDORA
201319 | vendor-advisory | x_refsource_SUNALERT
ADV-2007-3868 | vdb-entry | x_refsource_VUPEN
GLSA-200710-01 | vendor-advisory | x_refsource_GENTOO
RHSA-2007:0913 | vendor-advisory | x_refsource_REDHAT
DSA-1368 | vendor-advisory | x_refsource_DEBIAN
RHSA-2007:0858 | vendor-advisory | x_refsource_REDHAT
MDKSA-2007:181 | vendor-advisory | x_refsource_MANDRIVA
26691 | third-party-advisory | x_refsource_SECUNIA
26896 | third-party-advisory | x_refsource_SECUNIA
26697 | third-party-advisory | x_refsource_SECUNIA
27146 | third-party-advisory | x_refsource_SECUNIA
VU#883632 | third-party-advisory | x_refsource_CERT-VN
27643 | third-party-advisory | x_refsource_SECUNIA
ADV-2007-3052 | vdb-entry | x_refsource_VUPEN
kerberos-rpcsecgss-bo(36437) | vdb-entry | x_refsource_XF
25534 | vdb-entry | x_refsource_BID
TA07-319A | third-party-advisory | x_refsource_CERT
26705 | third-party-advisory | x_refsource_SECUNIA
3092 | third-party-advisory | x_refsource_SREASON
26792 | third-party-advisory | x_refsource_SECUNIA
29247 | third-party-advisory | x_refsource_SECUNIA
103060 | vendor-advisory | x_refsource_SUNALERT
MDKSA-2007:174 | vendor-advisory | x_refsource_MANDRIVA
