Oval Definition:oval:org.mitre.oval:def:3162
Revision Date:2007-12-03
Version:16
Title:Security Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))
Description:Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2007-3999
Platform(s):Sun Solaris 10
Sun Solaris 8
Sun Solaris 9
Product(s):
Definition Synopsis
  • Solaris 8 (SPARC) meets Sun Alert 103060
      • Solaris 8 (SPARC) is installed
      • AND NOT Patch 126928-02 or later installed
      • AND Key Distribution Center (kadmind) process running
  • OR Solaris 9 (SPARC) meets Sun Alert 103060
      • Solaris 9 (SPARC) is installed
      • AND NOT Patch 113318-32 or later installed
      • AND Key Distribution Center (kadmind) process running
  • OR Solaris 10 (SPARC) meets Sun Alert 103060
      • Solaris 10 (SPARC) is installed
      • AND NOT Patch 126661-02 or later installed
      • AND Key Distribution Center (kadmind) process running
  • OR Solaris 8 (x86) meets Sun Alert 103060
      • Solaris 8 (x86) is installed
      • AND NOT Patch 126929-02 or later installed
      • AND Key Distribution Center (kadmind) process running
  • OR Solaris 9 (x86) meets Sun Alert 103060
      • Solaris 9 (x86) is installed
      • AND NOT Patch 117468-18 or later installed
      • AND Key Distribution Center (kadmind) process running
  • OR Solaris 10 (x86) meets Sun Alert 103060
      • Solaris 10 (x86) is installed
      • AND NOT Patch 126662-02 or later installed
      • AND Key Distribution Center (kadmind) process running