Security Vulnerability: kadmind stack buffer overflow vulnerability

  • 3675615
  • 10-Jul-2007
  • 27-Apr-2012

Environment

Novell KDC 1.0.2 and prior

Situation

An authenticated remote user may be able to cause a host running kadmind to execute arbitrary code.

Successful exploitation can compromise the Kerberos key database and host security on the KDC host.  (kadmind typically runs as root.)
Unsuccessful exploitation attempts will likely result in kadmind crashing.

Resolution

The fix is included in Novell KDC version 1.0.3 and newer, available at https://download.novell.com

Status

Security Alert

Additional Information

MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt

CVE: CVE-2007-2798
CERT: VU#554257

This vulnerability was reported to MIT by iDefense.  iDefense credits an anonymous discoverer.