Vulnerability Description
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mit | Kerberos 5 | <= 1.6.1 |
| Debian | Debian Linux | 3.1 |
| Canonical | Ubuntu Linux | 6.06 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.ascBroken Link
- http://docs.info.apple.com/article.html?artnum=306172Broken Link
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427Broken Link
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlMailing ListThird Party Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlThird Party Advisory
- http://osvdb.org/36597Broken Link
- http://secunia.com/advisories/25800Third Party Advisory
- http://secunia.com/advisories/25801Third Party Advisory
- http://secunia.com/advisories/25814Third Party Advisory
- http://secunia.com/advisories/25821Third Party Advisory
- http://secunia.com/advisories/25870Third Party Advisory
- http://secunia.com/advisories/25888Third Party Advisory
- http://secunia.com/advisories/25890Third Party Advisory
- http://secunia.com/advisories/25894Third Party Advisory
- http://secunia.com/advisories/25911Third Party Advisory
FAQ
What is CVE-2007-2443?
CVE-2007-2443 is a vulnerability with a CVSS score of 8.3 (HIGH). Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code vi...
How severe is CVE-2007-2443?
CVE-2007-2443 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2443?
Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Debian Debian Linux, Canonical Ubuntu Linux.