返回 CVE 瀏覽器

CVE-2007-4743

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0120%

EPSS Percentile9.19th

Published2007年9月6日

Last Modified2026年4月23日

Vulnerability Description

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

Affected Platforms (CPE)

📦

Mit

Kerberos 5

= 1.4

📦

Mit

Kerberos 5

= 1.4.1

📦

Mit

Kerberos 5

= 1.4.2

📦

Mit

Kerberos 5

= 1.4.3

📦

Mit

Kerberos 5

= 1.4.4

📦

Mit

Kerberos 5

= 1.5

📦

Mit

Kerberos 5

= 1.5.1

📦

Mit

Kerberos 5

= 1.5.2

📦

Mit

Kerberos 5

= 1.5.3

📦

Mit

Kerberos 5

= 1.6

📦

Mit

Kerberos 5

= 1.6.1

📦

Mit

Kerberos 5

= 1.6.2

References & Advisories

🔗 http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86

🔗 http://docs.info.apple.com/article.html?artnum=307041

🔗 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

🔗 http://secunia.com/advisories/26699

🔗 http://secunia.com/advisories/26987

🔗 http://secunia.com/advisories/27643

🔗 http://www.debian.org/security/2007/dsa-1387

🔗 http://www.novell.com/linux/security/advisories/2007_19_sr.html

相關漏洞威脅

CVE-2000-039110.0

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

CVE-2000-039010.0

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

CVE-2000-038910.0

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

CVE-2000-051410.0

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cau...