Red Hat Bugzilla – Bug 250973
CVE-2007-3999 krb5 RPC library buffer overflow
Last modified: 2008-03-06 11:35:48 EST
MIT notified us of kadmind RPC lib buffer overflow, uninitialized pointer. Will
be public on 04 September 2007, at 14:00 US/Eastern time.
This issue has not been triaged as it may well affect recent RHEL distributions
with a different severity (flaw type is likely caught by fortify_source).
Created attachment 160738
proposed patch from MIT
Update from MIT Kerberos team:
We have discovered that the server-side code in nfs-utils is also
vulnerable to CVE-2007-3999. If you are distributing nfs-utils or
some derivative, you may care about this. According to Kevin Coffman
of the University of Michigan, nfs-utils is probably not vulnerable
because it does not actually execute any server-side RPC code. We are
working to confirm this assertion, but note that third-party server
applications that link with the RPC library in nfs-utils may be
vulnerable to CVE-2007-3999.
Now public at http://web.mit.edu/Kerberos/advisories/
Created attachment 193381
Updated patch from MIT
libtirpc-0.1.7-15.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update libtirpc'.
You can provide feedback for this update here: http://admin.fedoraproject.org/F8/FEDORA-2008-1017
The above url should read
libtirpc-0.1.7-15.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.