10

CVE-2007-3999

EPSS 29.94%
Published 05.09.2007 10:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

Affected products Warnungen 0 Metrics 2 CWE 1 References 65

Data is provided by the National Vulnerability Database (NVD)

Mit ≫ Kerberos 5 Version1.4

Mit ≫ Kerberos 5 Version1.4.1

Mit ≫ Kerberos 5 Version1.4.2

Mit ≫ Kerberos 5 Version1.4.3

Mit ≫ Kerberos 5 Version1.4.4

Mit ≫ Kerberos 5 Version1.5

Mit ≫ Kerberos 5 Version1.5.1

Mit ≫ Kerberos 5 Version1.5.2

Mit ≫ Kerberos 5 Version1.5.3

Mit ≫ Kerberos 5 Version1.6

Mit ≫ Kerberos 5 Version1.6.1

Mit ≫ Kerberos 5 Version1.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	29.94%	0.965

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/26987

Vendor Advisory

http://www.novell.com/linux/security/advisories/2007_19_sr.html

http://docs.info.apple.com/article.html?artnum=307041

http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

http://secunia.com/advisories/27643

Vendor Advisory

http://www.securityfocus.com/bid/26444

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/3868

http://secunia.com/advisories/27756

http://www.novell.com/linux/security/advisories/2007_24_sr.html

http://secunia.com/advisories/26822

Vendor Advisory

http://www.trustix.org/errata/2007/0026/

http://secunia.com/advisories/27043

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-0951.html

http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html

http://secunia.com/advisories/26676

Vendor Advisory

http://secunia.com/advisories/26680

Vendor Advisory

http://secunia.com/advisories/26684

Vendor Advisory

http://secunia.com/advisories/26691

Vendor Advisory

http://secunia.com/advisories/26697

Vendor Advisory

http://secunia.com/advisories/26699

Vendor Advisory

http://secunia.com/advisories/26700

Vendor Advisory

http://secunia.com/advisories/26705

Vendor Advisory

http://secunia.com/advisories/26713

Vendor Advisory

http://secunia.com/advisories/26728

Vendor Advisory

http://secunia.com/advisories/26783

Vendor Advisory

http://secunia.com/advisories/26792

Vendor Advisory

http://secunia.com/advisories/26896

Vendor Advisory

http://secunia.com/advisories/27081

Vendor Advisory

http://secunia.com/advisories/27146

Vendor Advisory

http://secunia.com/advisories/29247

http://secunia.com/advisories/29270

http://security.gentoo.org/glsa/glsa-200710-01.xml

http://securityreason.com/securityalert/3092

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1

http://support.avaya.com/elmodocs2/security/ASA-2007-396.htm

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt

http://www.debian.org/security/2007/dsa-1367

http://www.debian.org/security/2007/dsa-1368

http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml

http://www.kb.cert.org/vuls/id/883632

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2007:174

http://www.mandriva.com/security/advisories?name=MDKSA-2007:181

http://www.redhat.com/support/errata/RHSA-2007-0858.html

http://www.redhat.com/support/errata/RHSA-2007-0913.html

http://www.securityfocus.com/archive/1/478748/100/0/threaded

http://www.securityfocus.com/archive/1/479251/100/0/threaded

http://www.securityfocus.com/bid/25534

http://www.securitytracker.com/id?1018647

http://www.ubuntu.com/usn/usn-511-1

http://www.vupen.com/english/advisories/2007/3051

http://www.vupen.com/english/advisories/2007/3052

http://www.vupen.com/english/advisories/2007/3060

http://www.vupen.com/english/advisories/2008/0803/references

http://www.zerodayinitiative.com/advisories/ZDI-07-052.html

https://bugzilla.redhat.com/show_bug.cgi?id=250973

https://exchange.xforce.ibmcloud.com/vulnerabilities/36437

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3162

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9379

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html

https://nvd.nist.gov/vuln/detail/CVE-2007-3999

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3999

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3999

EUVD