CVE-2007-3999: Buffer Overflow
First published: Mon Aug 06 2007(Updated: )
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/0.1.7 | <15. | 15. |
| MIT Kerberos 5 Application | =1.4 | |
| MIT Kerberos 5 Application | =1.4.1 | |
| MIT Kerberos 5 Application | =1.4.2 | |
| MIT Kerberos 5 Application | =1.4.3 | |
| MIT Kerberos 5 Application | =1.4.4 | |
| MIT Kerberos 5 Application | =1.5 | |
| MIT Kerberos 5 Application | =1.5.1 | |
| MIT Kerberos 5 Application | =1.5.2 | |
| MIT Kerberos 5 Application | =1.5.3 | |
| MIT Kerberos 5 Application | =1.6 | |
| MIT Kerberos 5 Application | =1.6.1 | |
| MIT Kerberos 5 Application | =1.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=250973
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt
- http://www.redhat.com/support/errata/RHSA-2007-0858.html
- http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html
- http://www.zerodayinitiative.com/advisories/ZDI-07-052.html
- http://support.avaya.com/elmodocs2/security/ASA-2007-396.htm
- http://docs.info.apple.com/article.html?artnum=307041
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
- http://www.debian.org/security/2007/dsa-1367
- http://www.debian.org/security/2007/dsa-1368
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html
- http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
- http://security.gentoo.org/glsa/glsa-200710-01.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:174
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:181
- http://www.redhat.com/support/errata/RHSA-2007-0913.html
- http://www.redhat.com/support/errata/RHSA-2007-0951.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1
- http://www.novell.com/linux/security/advisories/2007_19_sr.html
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
- http://www.trustix.org/errata/2007/0026/
- http://www.ubuntu.com/usn/usn-511-1
- http://www.us-cert.gov/cas/techalerts/TA07-319A.html
- http://www.kb.cert.org/vuls/id/883632
- http://www.securityfocus.com/bid/25534
- http://www.securityfocus.com/bid/26444
- http://www.securitytracker.com/id?1018647
- http://secunia.com/advisories/26680
- http://secunia.com/advisories/26699
- http://secunia.com/advisories/26728
- http://secunia.com/advisories/26676
- http://secunia.com/advisories/26684
- http://secunia.com/advisories/26691
- http://secunia.com/advisories/26700
- http://secunia.com/advisories/26705
- http://secunia.com/advisories/26792
- http://secunia.com/advisories/26783
- http://secunia.com/advisories/26822
- http://secunia.com/advisories/26896
- http://secunia.com/advisories/26697
- http://secunia.com/advisories/27043
- http://secunia.com/advisories/27081
- http://secunia.com/advisories/26987
- http://secunia.com/advisories/26713
- http://secunia.com/advisories/27146
- http://secunia.com/advisories/27643
- http://securityreason.com/securityalert/3092
- http://secunia.com/advisories/27756
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html
- http://secunia.com/advisories/29247
- http://secunia.com/advisories/29270
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1
- http://www.vupen.com/english/advisories/2007/3052
- http://www.vupen.com/english/advisories/2008/0803/references
- http://www.vupen.com/english/advisories/2007/3060
- http://www.vupen.com/english/advisories/2007/3868
- http://www.vupen.com/english/advisories/2007/3051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36437
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9379
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3162
- http://www.securityfocus.com/archive/1/479251/100/0/threaded
- http://www.securityfocus.com/archive/1/478748/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=160738&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=160738&action=edit
- https://access.redhat.com/security/cve/CVE-2007-3999
- http://web.mit.edu/Kerberos/advisories/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=193381&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=193381&action=edit
- http://admin.fedoraproject.org/F8/FEDORA-2008-1017
- https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1017
- https://www.cve.org/CVERecord?id=CVE-2007-3999 https://nvd.nist.gov/vuln/detail/CVE-2007-3999
- https://access.redhat.com/errata/RHSA-2007:0913
- https://access.redhat.com/errata/RHSA-2007:0858
- https://access.redhat.com/errata/RHSA-2007:0951
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3999.json
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2007-3999?
CVE-2007-3999 is classified as a high severity vulnerability due to its potential for remote exploitation via a stack-based buffer overflow.
How do I fix CVE-2007-3999?
To fix CVE-2007-3999, update to a patched version of MIT Kerberos 5 beyond 1.6.2 or apply relevant security patches provided by your distribution.
Which versions of MIT Kerberos 5 are affected by CVE-2007-3999?
CVE-2007-3999 affects MIT Kerberos 5 versions 1.4 through 1.6.2.
What systems are likely to be impacted by CVE-2007-3999?
Systems running MIT Kerberos 5 versions 1.4 to 1.6.2, especially those using the RPCSEC_GSS library, are likely to be impacted.
Is CVE-2007-3999 exploitable remotely?
Yes, CVE-2007-3999 is exploitable remotely due to the nature of the buffer overflow vulnerability.
- agent/first-publish-date
- collector/redhat-cve
- source/Red Hat
- agent/type
- collector/redhat-bugzilla
- alias/CVE-2007-3999
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/weakness
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- agent/tags
- package-manager/redhat
- vendor/mit
- canonical/mit kerberos 5 application
- version/mit kerberos 5 application/1.4
- version/mit kerberos 5 application/1.4.1
- version/mit kerberos 5 application/1.4.2
- version/mit kerberos 5 application/1.4.3
- version/mit kerberos 5 application/1.4.4
- version/mit kerberos 5 application/1.5
- version/mit kerberos 5 application/1.5.1
- version/mit kerberos 5 application/1.5.2
- version/mit kerberos 5 application/1.5.3
- version/mit kerberos 5 application/1.6
- version/mit kerberos 5 application/1.6.1
- version/mit kerberos 5 application/1.6.2