Security Vulnerability: kadmind affected by multiple RPC library vulnerabilities

  • 3248163
  • 10-Jul-2007
  • 30-Apr-2012


Novell KDC 1.0.2 and prior versions


An unauthenticated remote user may be able to cause a host running kadmind to execute arbitrary code.  CVE-2007-2442 is more likely to lead to arbitrary code execution than CVE-2007-2443.

Successful exploitation can compromise the Kerberos key database and host security on the host running these programs.  (kadmind typically runs as root.)  Unsuccessful exploitation attempts will likely result in the affected program crashing.

Third-party applications calling the RPC library provided with MIT krb5 may be vulnerable.  Other RPC libraries derived from SunRPC may be vulnerable.


This vulnerability is resolved in Novell KDC 1.0.3 and newer available at


