SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2007-2443

Date: (C)2007-06-26 (M)2023-12-22

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 8.3
Exploit Score: 6.5
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1018293

http://www.securityfocus.com/archive/1/472288/100/0/threaded

http://www.securityfocus.com/archive/1/472432/100/0/threaded

http://www.securityfocus.com/archive/1/472507/30/5970/threaded

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

APPLE-SA-2007-07-31

SUSE-SA:2007:038

http://docs.info.apple.com/article.html?artnum=306172

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt

https://issues.rpath.com/browse/RPL-1499

https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html

kerberos-gssrpcsvcauthunix-bo(35085)

oval:org.mitre.oval:def:11277

oval:org.mitre.oval:def:7131

cpe:/o:canonical:ubuntu_linux:7.04
cpe:/o:canonical:ubuntu_linux:6.06
cpe:/o:debian:debian_linux:3.1
cpe:/o:debian:debian_linux:4.0
...

© SecPod Technologies