Published: 2007-06-29T23:30+00:00    Last Updated: 2007-06-29T23:30+00:00

TRTA07-177A
MIT Kerberos Vulnerabilities

Overview

The MIT Kerberos 5 implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Event Information

Date (UTC)    Description
2007-06-26 20:30 US-CERT
TA07-177A: MIT Kerberos Vulnerabilities
Via US-CERT Mailing List
2007-06-26 18:01 MIT
MIT krb5 Security Advisory 2007-005: kadmind vulnerable to buffer overflow
The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow.
2007-06-26 18:01 MIT
MIT krb5 Security Advisory 2007-004: kadmind affected by multiple RPC library vulnerabilities
The MIT krb5 Kerberos administration daemon (kadmind) is affected by multiple vulnerabilities in the RPC library shipped with MIT krb5.
2007-06-26 US-CERT
Multiple Vulnerabilities in Kerberos Administration Daemon
US-CERT is aware of multiple vulnerabilities in the Kerberos administration daemon that may allow a remote user to execute arbitrary code or cause a denial-of-service condition on an affected system.
2007-05-15 iDefense
Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability
A stack buffer overflow exists in kadmind (CVE-2007-2798).
Vulnerability Reported