CVE-2007-2443

krb5 RPC library stack overflow

Severity Score: 9.8 (CVSS v3)
Exploit Likelihood (EPSS): -
Affected Versions (CPE): see "Affected Vendors, Products, and Versions" below
Public Exploits: 0 (Multiple Sources)
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

*Credits: N/A
CVSS Scores
  • CVSS v3: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
  • CVSS v2: Attack Vector: Adjacent; Attack Complexity: Low; Authentication: None; Confidentiality: Complete; Integrity: Complete; Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-05-02 CVE Reserved
  • 2007-06-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • Exploited in Wild: -
  • KEV Due Date: -
  • First Exploit: -
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor     Product       Version   Other  Status
Mit        Kerberos 5    <= 1.6.1  -      Affected
Debian     Debian Linux  3.1       -      Affected
Debian     Debian Linux  4.0       -      Affected
Canonical  Ubuntu Linux  6.06      -      Affected
Canonical  Ubuntu Linux  6.10      -      Affected
Canonical  Ubuntu Linux  7.04      -      Affected