Oval Definition: oval:com.redhat.rhsa:def:20070858
Revision Date: 2007-09-06
Version: 636
Title: RHSA-2007:0858: krb5 security update (Important)
Description: Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server.

  • Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999)

  • Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-4000)

    These issues did not affect the versions of Kerberos distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

    Users of krb5-server are advised to update to these erratum packages which contain backported fixes to correct these issues.
Family: unix
Class: patch
Status:
Reference(s): CVE-2007-3999
CVE-2007-4000
RHSA-2007:0858
RHSA-2007:0858-01
Platform(s): Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • krb5-devel is earlier than 0:1.5-29
  • AND krb5-devel is signed with Red Hat redhatrelease2 key
  • krb5-libs is earlier than 0:1.5-29
  • AND krb5-libs is signed with Red Hat redhatrelease2 key
  • krb5-server is earlier than 0:1.5-29
  • AND krb5-server is signed with Red Hat redhatrelease2 key
  • krb5-workstation is earlier than 0:1.5-29
  • AND krb5-workstation is signed with Red Hat redhatrelease2 key