Upstream information

CVE-2007-3999 at MITRE

Description

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores (source: National Vulnerability Database)
  Base Score: 10
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete
SUSE Bugzilla entries: 302377 [RESOLVED / FIXED], 305261 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References (patchnames)
SUSE Linux Enterprise Desktop 12
  • librpcsecgss3 >= 0.19-16.56
Patchnames:
SUSE Linux Enterprise Desktop 12 GA librpcsecgss3
SUSE Linux Enterprise Desktop 12 SP1
  • librpcsecgss3 >= 0.19-16.56
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA librpcsecgss3
SUSE Linux Enterprise Server 11 SP1
  • krb5 >= 1.6.3-133.27.1
  • krb5-32bit >= 1.6.3-133.27.1
  • krb5-apps-clients >= 1.6.3-133.27.1
  • krb5-apps-servers >= 1.6.3-133.27.1
  • krb5-client >= 1.6.3-133.27.1
  • krb5-doc >= 1.6.3-133.21
  • krb5-plugin-kdb-ldap >= 1.6.3-133.12
  • krb5-plugin-preauth-pkinit >= 1.6.3-133.12
  • krb5-server >= 1.6.3-133.27.1
  • krb5-x86 >= 1.6.3-133.27.1
  • librpcsecgss >= 0.18-1.15
  • libtirpc1 >= 0.2.1-1.2.16
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA krb5
SUSE Linux Enterprise Server 11 SP1 GA krb5-doc
SUSE Linux Enterprise Server 11 SP1 GA krb5-plugin-kdb-ldap
SUSE Linux Enterprise Server 11 SP1 GA librpcsecgss
SUSE Linux Enterprise Server 11 SP2
  • krb5 >= 1.6.3-133.48.48.1
  • krb5-32bit >= 1.6.3-133.48.48.1
  • krb5-apps-clients >= 1.6.3-133.48.48.1
  • krb5-apps-servers >= 1.6.3-133.48.48.1
  • krb5-client >= 1.6.3-133.48.48.1
  • krb5-doc >= 1.6.3-133.21
  • krb5-plugin-kdb-ldap >= 1.6.3-133.12
  • krb5-plugin-preauth-pkinit >= 1.6.3-133.12
  • krb5-server >= 1.6.3-133.48.48.1
  • krb5-x86 >= 1.6.3-133.48.48.1
  • librpcsecgss >= 0.18-1.15
  • libtirpc1 >= 0.2.1-1.5.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA krb5
SUSE Linux Enterprise Server 11 SP2 GA krb5-doc
SUSE Linux Enterprise Server 11 SP2 GA krb5-plugin-kdb-ldap
SUSE Linux Enterprise Server 11 SP2 GA librpcsecgss
SUSE Linux Enterprise Server 11 SP3
  • krb5 >= 1.6.3-133.49.54.1
  • krb5-32bit >= 1.6.3-133.49.54.1
  • krb5-apps-clients >= 1.6.3-133.49.54.1
  • krb5-apps-servers >= 1.6.3-133.49.54.1
  • krb5-client >= 1.6.3-133.49.54.1
  • krb5-doc >= 1.6.3-133.49.54.1
  • krb5-plugin-kdb-ldap >= 1.6.3-133.49.54.1
  • krb5-plugin-preauth-pkinit >= 1.6.3-133.49.54.1
  • krb5-server >= 1.6.3-133.49.54.1
  • krb5-x86 >= 1.6.3-133.49.54.1
  • librpcsecgss >= 0.18-1.15
  • libtirpc1 >= 0.2.1-1.5.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA krb5
SUSE Linux Enterprise Server 11 SP3 GA krb5-doc
SUSE Linux Enterprise Server 11 SP3 GA krb5-plugin-kdb-ldap
SUSE Linux Enterprise Server 11 SP3 GA librpcsecgss
SUSE Linux Enterprise Server 11 SP4
  • krb5 >= 1.6.3-133.49.66.1
  • krb5-32bit >= 1.6.3-133.49.66.1
  • krb5-apps-clients >= 1.6.3-133.49.66.1
  • krb5-apps-servers >= 1.6.3-133.49.66.1
  • krb5-client >= 1.6.3-133.49.66.1
  • krb5-doc >= 1.6.3-133.49.66.1
  • krb5-plugin-kdb-ldap >= 1.6.3-133.49.66.1
  • krb5-plugin-preauth-pkinit >= 1.6.3-133.49.66.1
  • krb5-server >= 1.6.3-133.49.66.1
  • krb5-x86 >= 1.6.3-133.49.66.1
  • librpcsecgss >= 0.18-1.15
  • libtirpc1 >= 0.2.1-1.7.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA krb5
SUSE Linux Enterprise Server 11 SP4 GA krb5-doc
SUSE Linux Enterprise Server 11 SP4 GA krb5-plugin-kdb-ldap
SUSE Linux Enterprise Server 11 SP4 GA librpcsecgss
SUSE Linux Enterprise Server 12
  • librpcsecgss3 >= 0.19-16.56
Patchnames:
SUSE Linux Enterprise Server 12 GA librpcsecgss3
SUSE Linux Enterprise Server 12 SP1
  • librpcsecgss3 >= 0.19-16.56
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA librpcsecgss3
SUSE Linux Enterprise Software Development Kit 11 SP4
  • krb5-devel >= 1.6.3-133.49.66.1
  • krb5-devel-32bit >= 1.6.3-133.49.66.1
  • krb5-server >= 1.6.3-133.49.66.1
  • libtirpc-devel >= 0.2.1-1.7.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA krb5-devel
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libtirpc-devel
SUSE Linux Enterprise Software Development Kit 12
  • librpcsecgss-devel >= 0.19-16.56
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA librpcsecgss-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • librpcsecgss-devel >= 0.19-16.56
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA librpcsecgss-devel
SUSE LINUX 10.0
  • krb5 >= 1.4.1-5.11
  • krb5-32bit >= 1.4.1-5.11
  • krb5-64bit >= 1.4.1-5.11
  • krb5-apps-clients >= 1.4.1-5.11
  • krb5-apps-servers >= 1.4.1-5.11
  • krb5-client >= 1.4.1-5.11
  • krb5-devel >= 1.4.1-5.11
  • krb5-devel-32bit >= 1.4.1-5.11
  • krb5-devel-64bit >= 1.4.1-5.11
  • krb5-server >= 1.4.1-5.11
SUSE LINUX 10.1
  • krb5 >= 1.4.3-19.28
  • krb5-32bit >= 1.4.3-19.28
  • krb5-64bit >= 1.4.3-19.28
  • krb5-apps-clients >= 1.4.3-19.28
  • krb5-apps-servers >= 1.4.3-19.28
  • krb5-client >= 1.4.3-19.28
  • krb5-devel >= 1.4.3-19.28
  • krb5-devel-32bit >= 1.4.3-19.28
  • krb5-devel-64bit >= 1.4.3-19.28
  • krb5-server >= 1.4.3-19.28
SUSE LINUX 10.0
  • librpcsecgss >= 0.5-2.3
SUSE LINUX 10.1
  • librpcsecgss >= 0.7-13.8
SUSE LINUX 10.0
  • krb5 >= 1.4.1-5.9
  • krb5-32bit >= 1.4.1-5.9
  • krb5-64bit >= 1.4.1-5.9
  • krb5-apps-clients >= 1.4.1-5.9
  • krb5-apps-servers >= 1.4.1-5.9
  • krb5-client >= 1.4.1-5.9
  • krb5-devel >= 1.4.1-5.9
  • krb5-devel-32bit >= 1.4.1-5.9
  • krb5-devel-64bit >= 1.4.1-5.9
  • krb5-server >= 1.4.1-5.9
SUSE LINUX 10.1
  • krb5 >= 1.4.3-19.25
  • krb5-32bit >= 1.4.3-19.25
  • krb5-64bit >= 1.4.3-19.25
  • krb5-apps-clients >= 1.4.3-19.25
  • krb5-apps-servers >= 1.4.3-19.25
  • krb5-client >= 1.4.3-19.25
  • krb5-devel >= 1.4.3-19.25
  • krb5-devel-32bit >= 1.4.3-19.25
  • krb5-devel-64bit >= 1.4.3-19.25
  • krb5-server >= 1.4.3-19.25