CVE-2007-4743
MIT Kerberos 5 1.4-1.6.2 - Remote Buffer Overflow in svc_auth_gss.c
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
References (17)
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1387
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26699
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_19_sr.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0892.html
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1696
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26444
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-511-2
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/478794/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26987
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307041
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/478748/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239
Patch x_refsource_confirm
http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3868
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27643
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Scores
EPSS
0.2025
EPSS Percentile
95.6%
Details
CWE
CWE-119
Status
published
Products (12)
mit/kerberos_5
1.4
mit/kerberos_5
1.4.1
mit/kerberos_5
1.4.2
mit/kerberos_5
1.4.3
mit/kerberos_5
1.4.4
mit/kerberos_5
1.5
mit/kerberos_5
1.5.1
mit/kerberos_5
1.5.2
mit/kerberos_5
1.5.3
mit/kerberos_5
1.6
... and 2 more
Published
Sep 06, 2007
Tracked Since
Feb 18, 2026