CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile
97.1%
MIT Kerberos kadmind
contains a privilege escalation vulnerability that may allow an authenticated attacker to execute code with root privileges.
Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions. The kadmind
daemon is the administration server that runs on the master Kerberos server.
From the kadmind
manual page:
This command starts the KADM5 administration server. The administration server runs on the master Kerberos server, which stores the KDC principal database and the KADM5 policy database. Kadmind accepts remote requests to administer the information in these databases. Remote requests are sent, for example, by kadmin(8) and the kpasswd(1) command, both of which are clients of kadmind.
Per MITKRB5-SA-2007-006 there is a privilege execution vulnerability in kadmind
that may allow an authenticated user with modify policy privileges to execute arbitrary code. Note that per MITKRB5-SA-2007-006, versions of kerberos prior to krb5-1.5 are not affected by this vulnerability.
A local attacker, who has modify policy privileges, may be able to execute arbitrary code with elevated privileges
Update
The Kerberos team has released an update to address this issue. Please see MITKRB5-SA-2007-006 for more information on obtaining fixed software.
377544
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 24, 2007 Updated: October 26, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23377544 Feedback>).
Notified: August 23, 2007 Updated: September 04, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-006.txt> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23377544 Feedback>).
Notified: August 24, 2007 Updated: September 11, 2007
Affected
This issue did not affect the version of Kerberos as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE.
The following update was made available to correct this issue:
<https://rhn.redhat.com/errata/RHSA-2007-0858.html>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: September 06, 2007
Affected
SUSE and openSUSE packages were affected by this vulnerabilities and update packages are released.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: September 04, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: September 06, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 04, 2007 Updated: September 04, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 24, 2007 Updated: August 24, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
View all 44 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to the MIT Kerberos team for information that was used in this report.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2007-4000 |
---|---|
Severity Metric: | 0.63 Date Public: |