(Novell Issues Fix for Novell KDC) Kerberos kadmind Buffer Overflow in rename_principal_2_svc() Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1018388 |
|
SecurityTracker URL: http://securitytracker.com/id/1018388
|
|
CVE Reference:
CVE-2007-2798
(Links to External Site)
|
Date: Jul 13 2007
|
Impact:
Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Novell KDC 1.0.2 and prior versions
|
Description:
A vulnerability was reported in the krb5 Kerberos administration daemon (kadmind). A remote authenticated user can execute arbitrary code on the target system. Novell KDC is affected.
A remote user can send specially crafted data to trigger a buffer overflow in the rename_principal_2_svc() function and execute arbitrary code on the target system. The code will run with the privileges of the target service (typically root privileges).
Authentication is required to exploit this vulnerability, but administrative privileges are not required.
The vendor was notified on May 15, 2007.
iDefense reported this vulnerability.
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
Novell has issued a fix for Novell KDC (1.0.3), available at:
http://download.novell.com
The Novell advisory is available at:
https://secure-support.novell.com/KanisaPlatform/Publishing/327/3675615_f.SAL_Public.html
|
Vendor URL: web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 12 Jul 2007 22:42:35 -0400
Subject: Novell
|
https://secure-support.novell.com/KanisaPlatform/Publishing/327/3675615_f.SAL_Public.html
CVE-2007-2798
|
|
