CVE-2007-4743: Buffer Overflow
First published: Thu Sep 06 2007(Updated: )
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MIT Kerberos 5 Application | =1.4 | |
| MIT Kerberos 5 Application | =1.4.1 | |
| MIT Kerberos 5 Application | =1.4.2 | |
| MIT Kerberos 5 Application | =1.4.3 | |
| MIT Kerberos 5 Application | =1.4.4 | |
| MIT Kerberos 5 Application | =1.5 | |
| MIT Kerberos 5 Application | =1.5.1 | |
| MIT Kerberos 5 Application | =1.5.2 | |
| MIT Kerberos 5 Application | =1.5.3 | |
| MIT Kerberos 5 Application | =1.6 | |
| MIT Kerberos 5 Application | =1.6.1 | |
| MIT Kerberos 5 Application | =1.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
- https://issues.rpath.com/browse/RPL-1696
- http://docs.info.apple.com/article.html?artnum=307041
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
- http://www.debian.org/security/2007/dsa-1387
- http://www.redhat.com/support/errata/RHSA-2007-0892.html
- http://www.novell.com/linux/security/advisories/2007_19_sr.html
- http://www.ubuntu.com/usn/usn-511-2
- http://www.us-cert.gov/cas/techalerts/TA07-319A.html
- http://www.securityfocus.com/bid/26444
- http://secunia.com/advisories/26699
- http://secunia.com/advisories/26987
- http://secunia.com/advisories/27643
- http://www.vupen.com/english/advisories/2007/3868
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239
- http://www.securityfocus.com/archive/1/478794/100/0/threaded
- http://www.securityfocus.com/archive/1/478748/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-4743?
CVE-2007-4743 has a moderate severity rating due to potential exploitation that could lead to denial of service.
How do I fix CVE-2007-4743?
To fix CVE-2007-4743, upgrade to the latest version of MIT Kerberos 5 that addresses this vulnerability.
What versions of MIT Kerberos 5 are affected by CVE-2007-4743?
CVE-2007-4743 affects MIT Kerberos 5 versions 1.4 through 1.6.2.
Can CVE-2007-4743 lead to data loss?
CVE-2007-4743 primarily causes a denial of service but does not directly allow unauthorized data access or loss.
What component is impacted by CVE-2007-4743?
CVE-2007-4743 impacts the RPCSEC_GSS RPC library component used in MIT Kerberos 5.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/weakness
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- agent/tags
- vendor/mit
- canonical/mit kerberos 5 application
- version/mit kerberos 5 application/1.4
- version/mit kerberos 5 application/1.4.1
- version/mit kerberos 5 application/1.4.2
- version/mit kerberos 5 application/1.4.3
- version/mit kerberos 5 application/1.4.4
- version/mit kerberos 5 application/1.5
- version/mit kerberos 5 application/1.5.1
- version/mit kerberos 5 application/1.5.2
- version/mit kerberos 5 application/1.5.3
- version/mit kerberos 5 application/1.6
- version/mit kerberos 5 application/1.6.1
- version/mit kerberos 5 application/1.6.2