Updated krb5 packages that correct a security flaw are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server.

The MIT Kerberos Team discovered a problem with the originally published patch for svc_auth_gss.c (CVE-2007-3999). A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-4743)

This issue did not affect the versions of Kerberos distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

Users of krb5-server are advised to update to these erratum packages which contain a corrected backported fix for this issue.

This update improves the patch for the previously released security update of krb5 to fix CVE-2007-3999 and CVE-2007-4000. (CVE-2007-4743)

A stack-based buffer overflow vulnerability was discovered in the RPC library used by Kerberos' kadmind program by Tenable Network Security.
A remote unauthenticated user who could access kadmind would be able to trigger the flaw and cause it to crash (CVE-2007-3999). This issue is only applicable to Kerberos 1.4 and higher.

Garrett Wollman found an uninitialized pointer vulnerability in kadmind which a remote unauthenticated attacker able to access kadmind could exploit to cause kadmind to crash (CVE-2007-4000). This issue is only applicable to Kerberos 1.5 and higher.

Update :

The MIT Kerberos Team found a problem with the originally published patch for CVE-2007-3999. A remote unauthenticated attacker able to access kadmind could trigger this flaw and cause kadmind to crash.

Updated packages have been patched to prevent these issues.

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0892 advisory.

    [1.5-29]
     - update to revised patch for CVE-2007-3999

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.11 or a version of Mac OS X 10.3 which does not have Security Update 2007-008 applied. 

This update contains several security fixes for the following programs :

 - Flash Player Plugin
 - AppleRAID
 - BIND
 - bzip2
 - CFFTP
 - CFNetwork
 - CoreFoundation
 - CoreText
 - Kerberos
 - Kernel
 - remote_cmds
 - Networking
 - NFS
 - NSURL
 - Safari
 - SecurityAgent
 - WebCore
 - WebKit

The originally-used patch for CVE-2007-3999 didn't completely fix the bug. This update includes the revised patch.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-511-1 fixed vulnerabilities in krb5 and librpcsecgss. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem.

It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (CVE-2007-3999, DSA-1368-1) was insufficient to protect from arbitrary code execution in some environments.

This update improves the patch for the previously released security update of krb5 to fix CVE-2007-3999 / CVE-2007-4000. (CVE-2007-4743)

The remote host is running a version of Mac OS X 10.4 that is older than version 10.4.11 or a version of Mac OS X 10.3 that does not have Security Update 2007-008 applied.  This update contains several security fixes for the following programs :


 - Flash Player Plugin
 - AppleRAID
 - BIND
 - bzip2
 - CFFTP
 - CFNetwork
 - CoreFoundation
 - CoreText
 - Kerberos
 - Kernel
 - remote_cmds
 - Networking
 - NFS
 - NSURL
 - Safari
 - SecurityAgent
 - WebCore
 - WebKit

ID	Name	Product	Family	Published	Updated	Severity
43652	CentOS 5 : krb5 (CESA-2007:0892)	Nessus	CentOS Local Security Checks	1/6/2010	1/4/2021	critical
27311	openSUSE 10 Security Update : krb5 (krb5-4248)	Nessus	SuSE Local Security Checks	10/17/2007	1/14/2021	critical
26006	Mandrake Linux Security Advisory : krb5 (MDKSA-2007:174-1)	Nessus	Mandriva Local Security Checks	9/7/2007	1/6/2021	critical
67571	Oracle Linux 5 : Important: / krb5 (ELSA-2007-0892)	Nessus	Oracle Linux Local Security Checks	7/12/2013	10/22/2024	critical
26052	RHEL 5 : krb5 (RHSA-2007:0892)	Nessus	Red Hat Local Security Checks	9/14/2007	1/14/2021	critical
28212	Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)	Nessus	MacOS X Local Security Checks	11/14/2007	5/28/2024	critical
27750	Fedora 7 : krb5-1.6.1-4.fc7 (2007-2066)	Nessus	Fedora Local Security Checks	11/6/2007	1/11/2021	critical
28115	Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5, librpcsecgss vulnerability (USN-511-1)	Nessus	Ubuntu Local Security Checks	11/10/2007	1/19/2021	critical
28116	Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5, librpcsecgss vulnerability (USN-511-2)	Nessus	Ubuntu Local Security Checks	11/10/2007	1/19/2021	critical
27066	Debian DSA-1387-1 : librpcsecgss - buffer overflow	Nessus	Debian Local Security Checks	10/17/2007	1/4/2021	critical
29495	SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 4249)	Nessus	SuSE Local Security Checks	12/13/2007	1/14/2021	critical
4284	Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)	Nessus Network Monitor	Operating System Detection	11/15/2007	3/6/2019	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical