CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4743

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile9.19th
PublishedSep 6, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

Affected Platforms (CPE)

πŸ“¦
Mit

Kerberos 5

= 1.4
πŸ“¦
Mit

Kerberos 5

= 1.4.1
πŸ“¦
Mit

Kerberos 5

= 1.4.2
πŸ“¦
Mit

Kerberos 5

= 1.4.3
πŸ“¦
Mit

Kerberos 5

= 1.4.4
πŸ“¦
Mit

Kerberos 5

= 1.5
πŸ“¦
Mit

Kerberos 5

= 1.5.1
πŸ“¦
Mit

Kerberos 5

= 1.5.2
πŸ“¦
Mit

Kerberos 5

= 1.5.3
πŸ“¦
Mit

Kerberos 5

= 1.6
πŸ“¦
Mit

Kerberos 5

= 1.6.1
πŸ“¦
Mit

Kerberos 5

= 1.6.2

References & Advisories

πŸ”— http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
πŸ”— http://docs.info.apple.com/article.html?artnum=307041
πŸ”— http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
πŸ”— http://secunia.com/advisories/26699
πŸ”— http://secunia.com/advisories/26987
πŸ”— http://secunia.com/advisories/27643
πŸ”— http://www.debian.org/security/2007/dsa-1387
πŸ”— http://www.novell.com/linux/security/advisories/2007_19_sr.html

Related Vulnerabilities

CVE-2000-039110.0

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

CVE-2000-039010.0

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

CVE-2000-038910.0

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

CVE-2000-051410.0

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cau...