(Novell Issues Fix for Novell Open Enterprise Server) Kerberos kadmind RPC Library Array Overrun May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019792 |
|
SecurityTracker URL: http://securitytracker.com/id/1019792
|
|
CVE Reference:
CVE-2008-0947, CVE-2008-0948
(Links to External Site)
|
Date: Apr 4 2008
|
Impact:
Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Kerberos in kadmind. A remote user can cause denial of service conditions. A remote user may be able to execute arbitrary code on the target system. Novell Open Enterprise Server is affected.
A remote user can send specially crafted data to cause a large number of file descriptors to be opened, triggering an array overflow. This can cause kadmind to crash or potentially execute arbitrary code.
Jeff Altman of Secure Endpoints reported this vulnerability.
|
Impact:
A remote user can cause kadmind to crash. It may also be possible to cause kadmind to execute arbitrary code.
|
Solution:
Novell has issued a fix for Novell Open Enterprise Server on SUSE Linux, which is affected by this Kerberos vulnerability.
The Novell advisories are available at:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
|
Cause:
Boundary error
|
Underlying OS:
Linux (SuSE)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 4 Apr 2008 13:16:51 -0500
Subject: Novell Kerberos
|
x86:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
x86-64:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
CVE-2008-0062
CVE-2008-0063
CVE-2008-0947
CVE-2008-0948
|
|
