Professional OVAL Repository

Id oval:org.mitre.oval:def:9996

Version 30

Class vulnerability

ALTXid 1590

Language English

Severity NotAvailable

Title Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. Description Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

Platform Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5

• Status: ACCEPTED
  Status: ACCEPTED
  
  

  • 2010-07-09T03:56:16-04:00 : submitted
    • SCAP.com, LLC Aharon Chernin
  • 2010-07-28T14:19:10.334-04:00 : status_change DRAFT
  • 2010-08-16T04:15:26.770-04:00 : status_change INTERIM
  • 2010-09-06T04:16:35.766-04:00 : status_change ACCEPTED
  • 2013-04-10T16:24:00.823-04:00 : modified EDITED oval:org.mitre.oval:def:9996 - Expanded the vulnerability checks for RHEL 3, 4, and 5 to cover CentOS 3, 4, 5 and Oracle Linux 4 and 5
    • G2, Inc. Dragos Prisaca
  • 2013-04-10T16:30:02.908-04:00 : status_change INTERIM
  • 2013-04-29T04:24:00.367-04:00 : status_change ACCEPTED

• CVE: CVE-2007-2798
  CVE: CVE-2007-2798
  Id: CVE-2007-2798

  Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798

  
  

  Comment : Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

  
  

  CVSSv2 Score: 9

  Access vector:	COMPLETE
  Access complexity:	LOW
  Authentication:	SINGLE
  Confidentiality impact:	COMPLETE
  Integrity impact:	COMPLETE
  Availability impact:	COMPLETE

  
  CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
  

  
  
  

  CWE: 787 (Out-of-bounds Write)

  
  References:

  • 20070602-01-P (SGI)
  • http://docs.info.apple.com/article.html?artnum=306172 (CONFIRM)
  • SSRT100107 (HP)
  • 20070626 Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability (IDEFENSE)
  • APPLE-SA-2007-07-31 (APPLE)
  • 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player (FULLDISC)
  • 36595 (OSVDB)
  • 25800 (SECUNIA)
  • 25801 (SECUNIA)
  • 25814 (SECUNIA)
  • 25821 (SECUNIA)
  • 25870 (SECUNIA)
  • 25875 (SECUNIA)
  • 25888 (SECUNIA)
  • 25890 (SECUNIA)
  • 25894 (SECUNIA)
  • 25911 (SECUNIA)
  • 26033 (SECUNIA)
  • 26228 (SECUNIA)
  • 26235 (SECUNIA)
  • 26909 (SECUNIA)
  • 27706 (SECUNIA)
  • 40346 (SECUNIA)
  • GLSA-200707-11 (GENTOO)
  • 102985 (SUNALERT)
  • http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt (CONFIRM)
  • DSA-1323 (DEBIAN)
  • VU#554257 (CERT-VN)
  • MDKSA-2007:137 (MANDRIVA)
  • SUSE-SA:2007:038 (SUSE)
  • RHSA-2007:0384 (REDHAT)
  • RHSA-2007:0562 (REDHAT)
  • 20070626 MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow (BUGTRAQ)
  • 20070628 FLEA-2007-0029-1: krb5 krb5-workstation (BUGTRAQ)
  • 20070629 TSLSA-2007-0021 - kerberos5 (BUGTRAQ)
  • 24653 (BID)
  • 25159 (BID)
  • 1018295 (SECTRACK)
  • 2007-0021 (TRUSTIX)
  • USN-477-1 (UBUNTU)
  • TA07-177A (CERT)
  • ADV-2007-2337 (VUPEN)
  • ADV-2007-2370 (VUPEN)
  • ADV-2007-2491 (VUPEN)
  • ADV-2007-2732 (VUPEN)
  • ADV-2007-3229 (VUPEN)
  • ADV-2010-1574 (VUPEN)
  • kerberos-renameprincipal2svc-bo(35080) (XF)
  • https://issues.rpath.com/browse/RPL-1499 (CONFIRM)
  • oval:org.mitre.oval:def:1726 (OVAL)
  • oval:org.mitre.oval:def:7550 (OVAL)
  • oval:org.mitre.oval:def:9996 (OVAL)
  • https://secure-support.novell.com/KanisaPlatform/Publishing/327/3675615_f.SAL_Public.html (CONFIRM)

Expand All

Collapse All