// For flags

CVE-2007-2798

krb5 kadmind buffer overflow

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

Un desbordamiento de búfer en la región Stack de la memoria en la función rename_principal_2_svc en kadmind para MIT Kerberos versiones 1.5.3, 1.6.1, y otras versiones, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de una petición creada para renombrar un principal.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-05-22 CVE Reserved
  • 2007-06-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (55)
URL Tag Source
http://docs.info.apple.com/article.html?artnum=306172 Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=548 Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html Mailing List
http://osvdb.org/36595 Broken Link
http://secunia.com/advisories/25800 Third Party Advisory
http://secunia.com/advisories/25801 Third Party Advisory
http://secunia.com/advisories/25814 Third Party Advisory
http://secunia.com/advisories/25821 Third Party Advisory
http://secunia.com/advisories/25870 Third Party Advisory
http://secunia.com/advisories/25875 Third Party Advisory
http://secunia.com/advisories/25888 Third Party Advisory
http://secunia.com/advisories/25890 Third Party Advisory
http://secunia.com/advisories/25894 Third Party Advisory
http://secunia.com/advisories/25911 Third Party Advisory
http://secunia.com/advisories/26033 Third Party Advisory
http://secunia.com/advisories/26228 Third Party Advisory
http://secunia.com/advisories/26235 Third Party Advisory
http://secunia.com/advisories/26909 Third Party Advisory
http://secunia.com/advisories/27706 Third Party Advisory
http://secunia.com/advisories/40346 Third Party Advisory
http://www.securityfocus.com/archive/1/472289/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/472432/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/472507/30/5970/threaded Mailing List
http://www.securityfocus.com/bid/24653 Third Party Advisory
http://www.securityfocus.com/bid/25159 Third Party Advisory
http://www.securitytracker.com/id?1018295 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-177A.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/2337 Third Party Advisory
http://www.vupen.com/english/advisories/2007/2370 Third Party Advisory
http://www.vupen.com/english/advisories/2007/2491 Third Party Advisory
http://www.vupen.com/english/advisories/2007/2732 Third Party Advisory
http://www.vupen.com/english/advisories/2007/3229 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1574 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35080 Third Party Advisory
https://issues.rpath.com/browse/RPL-1499 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1726 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7550 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9996 Signature
https://secure-support.novell.com/KanisaPlatform/Publishing/327/3675615_f.SAL_Public.html Broken Link
URL Date SRC
URL Date SRC
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt 2021-02-02
http://www.kb.cert.org/vuls/id/554257 2021-02-02
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc 2021-02-02
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 2021-02-02
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html 2021-02-02
http://security.gentoo.org/glsa/glsa-200707-11.xml 2021-02-02
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102985-1 2021-02-02
http://www.debian.org/security/2007/dsa-1323 2021-02-02
http://www.mandriva.com/security/advisories?name=MDKSA-2007:137 2021-02-02
http://www.novell.com/linux/security/advisories/2007_38_krb5.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2007-0384.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2007-0562.html 2021-02-02
http://www.trustix.org/errata/2007/0021 2021-02-02
http://www.ubuntu.com/usn/usn-477-1 2021-02-02
https://access.redhat.com/security/cve/CVE-2007-2798 2007-06-26
https://bugzilla.redhat.com/show_bug.cgi?id=245549 2007-06-26
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 <= 1.6.1
Search vendor "Mit" for product "Kerberos 5" and version " <= 1.6.1"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected