Oval Definition:	oval:org.mitre.oval:def:10239
Revision Date: 2013-04-29 Version: 12 Title: The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. Description: The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2007-4743 Platform(s): CentOS Linux 5 Oracle Linux 5 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND Configuration section krb5-workstation is earlier than 0:1.5-29 OR krb5 is earlier than 0:1.5-29 OR krb5-libs is earlier than 0:1.5-29 OR krb5-server is earlier than 0:1.5-29 OR krb5-devel is earlier than 0:1.5-29
BACK