CVE-2007-4743
Published: Sep 6, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| DSA-1387 | vendor-advisory, x_refsource_DEBIAN |
| 26699 | third-party-advisory, x_refsource_SECUNIA |
| SUSE-SR:2007:019 | vendor-advisory, x_refsource_SUSE |
| RHSA-2007:0892 | vendor-advisory, x_refsource_REDHAT |
| https://issues.rpath.com/browse/RPL-1696 | x_refsource_CONFIRM |
| 26444 | vdb-entry, x_refsource_BID |
| USN-511-2 | vendor-advisory, x_refsource_UBUNTU |
| 20070907 FLEA-2007-0050-1 krb5 krb5-workstation | mailing-list, x_refsource_BUGTRAQ |
| 26987 | third-party-advisory, x_refsource_SECUNIA |
| APPLE-SA-2007-11-14 | vendor-advisory, x_refsource_APPLE |
| http://docs.info.apple.com/article.html?artnum=307041 | x_refsource_CONFIRM |
| 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation | mailing-list, x_refsource_BUGTRAQ |
| oval:org.mitre.oval:def:10239 | vdb-entry, signature, x_refsource_OVAL |
| http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86 | x_refsource_CONFIRM |
| ADV-2007-3868 | vdb-entry, x_refsource_VUPEN |
| 27643 | third-party-advisory, x_refsource_SECUNIA |
| TA07-319A | third-party-advisory, x_refsource_CERT |