Bug 245549 (CVE-2007-2798)
| Summary: | CVE-2007-2798 krb5 kadmind buffer overflow | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mark J. Cox <mjc> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Hardware: | All | ||
| OS: | Linux | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Last Closed: | 2008-02-26 15:14:21 UTC | Type: | --- |
| Bug Depends On: | 239073, 245544 | ||

The attacker must be authenticated, therefore this issue is important impact on Red Hat Enterprise Linux.

Lifting embargo: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-005.txt

Support

Can you please give me a status on the release for the fix. I need rpm's for RHELWSV4 and RHELWSV3 ASAP

Thanks
-Carl
krekoriancr.navy.mil

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0384.html
  http://rhn.redhat.com/errata/RHSA-2007-0562.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-0740

MIT has reported another flaw to us, CVE-2007-2798: The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow. The kadmind code which performs the principal renaming operation passes unchecked string arguments to a sprintf() call which has a fixed-size stack buffer as its destination. These strings are the old and new principal names passed to the rename operation. The attacker needs to authenticate to kadmind to perform this attack, but no administrative privileges are required because the vulnerable code executes prior to privilege verification.
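
The pattern described in the report above, next to a bounded form, as an added example (this is not the krb5 source and not code from the MIT advisory). The function names, the 64-byte buffer size, the message format and the `caller_may_rename` flag are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_LEN 64  /* constructed size; the report does not state the real one */

enum rename_rc { RENAME_OK = 0, RENAME_DENIED = -1, RENAME_TOO_LONG = -2 };

/* Unsafe pattern from the report, shown for contrast and never called:
 * caller-supplied names go into a fixed stack buffer with no length check. */
void rename_msg_unsafe(const char *old_name, const char *new_name)
{
    char msg[MSG_LEN];
    sprintf(msg, "rename %s to %s", old_name, new_name); /* can write past msg */
    puts(msg);
}

/* Hardened form: authorize first, then format with a bound and treat
 * truncation as an error instead of silently continuing. */
int rename_msg_checked(int caller_may_rename, const char *old_name,
                       const char *new_name, char *msg, size_t msg_len)
{
    int n;

    if (msg == NULL || msg_len == 0 || old_name == NULL || new_name == NULL)
        return RENAME_DENIED;
    msg[0] = '\0';
    if (!caller_may_rename)          /* privilege check before any string work */
        return RENAME_DENIED;
    n = snprintf(msg, msg_len, "rename %s to %s", old_name, new_name);
    if (n < 0 || (size_t)n >= msg_len) {
        msg[0] = '\0';               /* never hand back a partial message */
        return RENAME_TOO_LONG;
    }
    return RENAME_OK;
}

int main(void)
{
    char msg[MSG_LEN], big[512];     /* constructed oversized principal name */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%d\n", rename_msg_checked(1, "alice@EXAMPLE.COM", "bob@EXAMPLE.COM", msg, sizeof msg));
    printf("%d\n", rename_msg_checked(1, big, "bob@EXAMPLE.COM", msg, sizeof msg));
    printf("%d\n", rename_msg_checked(0, big, "bob@EXAMPLE.COM", msg, sizeof msg));
    return 0;
}
```

Rejecting the request on truncation, rather than logging a clipped name, keeps an oversized principal from being processed under a different string than the one the client sent.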