CVE-2007-3999
CVE-2007-3999
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://docs.info.apple.com/article.html?artnum=307041http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlhttp://lists.rpath.com/pipermail/security-announce/2007-September/000237.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=250973http://secunia.com/advisories/26676http://secunia.com/advisories/26680http://secunia.com/advisories/26684http://secunia.com/advisories/26691http://secunia.com/advisories/26697http://secunia.com/advisories/26699http://secunia.com/advisories/26700http://secunia.com/advisories/26705