LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-2442 CVE-2007-2443 CVE-2007-2798
Created:June 27, 2007 Updated:March 24, 2008
Description: David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442).

David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443).

Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798).

Alerts:
Gentoo 200707-11 2007-07-25
SuSE SUSE-SA:2007:038 2007-07-03
Trustix TSLSA-2007-0021 2007-06-29
Fedora FEDORA-2007-0740 2007-06-27
Debian DSA-1323-1 2007-06-28
rPath rPSA-2007-0135-1 2007-06-27
Foresight FLEA-2007-0029-1 2007-06-27
Fedora FEDORA-2007-621 2007-06-28
Fedora FEDORA-2007-620 2007-06-28
Ubuntu USN-477-1 2007-06-26
Red Hat RHSA-2007:0562-01 2007-06-26
Red Hat RHSA-2007:0384-01 2007-06-26
Mandriva MDKSA-2007:137 2007-06-26
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds