Environment
Novell KDC 1.0.2 and prior
Situation
An authenticated remote user may be able to cause a host running kadmind to execute arbitrary code.
Successful exploitation can compromise the Kerberos key database and host security on the KDC host. (kadmind typically runs as root.)
Unsuccessful exploitation attempts will likely result in kadmind crashing.
Resolution
The fix is in Novell KDC version 1.0.3 or newer, available at https://download.novell.com
Status
Security Alert
Additional Information
MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt
CVE: CVE-2007-2798
CERT: VU#554257
This vulnerability was reported to MIT by iDefense. iDefense credits an anonymous discoverer.