Signature Detail
Short Name |
RPC:KADMIND-OF |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
RPC |
Keywords |
MIT Kerberos kadmind Overflow |
Release Date |
2007/10/04 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
RPC: MIT Kerberos kadmind Overflow
This signature detects attempts to exploit a known vulnerability in MIT Kerberios kadmind. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically root.
Extended Description
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication. Kerberos 5 'kadmind' 1.4 through 1.6.2 are vulnerable; third-party applications using the affected RPC library are also affected.
Affected Products
- Apple Mac OS X 10.4.0
- Apple Mac OS X 10.4.1
- Apple Mac OS X 10.4.10
- Apple Mac OS X 10.4.2
- Apple Mac OS X 10.4.3
- Apple Mac OS X 10.4.4
- Apple Mac OS X 10.4.5
- Apple Mac OS X 10.4.6
- Apple Mac OS X 10.4.7
- Apple Mac OS X 10.4.8
- Apple Mac OS X 10.4.9
- Apple Mac OS X Server 10.4.10
- Apple Mac OS X Server 10.4.2
- Apple Mac OS X Server 10.4.3
- Apple Mac OS X Server 10.4.4
- Apple Mac OS X Server 10.4.5
- Apple Mac OS X Server 10.4.6
- Apple Mac OS X Server 10.4.7
- Apple Mac OS X Server 10.4.8
- Apple Mac OS X Server 10.4.9
- Avaya Aura Application Enablement Services 3.1.3
- Avaya Intuity LX
- Avaya Intuity LX 2.0
- Avaya Message Networking MN 3.1
- Avaya Message Networking
- Avaya Messaging Storage Server MM3.0
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Foresight Linux 1.1
- Gentoo Linux
- libtirpc 0.1.7
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Linux Mandrake 2007.0
- Mandriva Linux Mandrake 2007.0 X86 64
- Mandriva Linux Mandrake 2007.1
- Mandriva Linux Mandrake 2007.1 X86 64
- MIT Kerberos 5 1.4.0
- MIT Kerberos 5 1.4.1
- MIT Kerberos 5 1.4.2
- MIT Kerberos 5 1.4.3
- MIT Kerberos 5 1.5.0
- MIT Kerberos 5 1.5.1
- MIT Kerberos 5 1.5.2
- MIT Kerberos 5 1.5.3
- MIT Kerberos 5 1.5.4
- MIT Kerberos 5 1.6.0
- MIT Kerberos 5 1.6.1
- MIT Kerberos 5 1.6.2
- nfs nfs-utils 1.0.6
- nfs nfs-utils 1.0.8
- Novell Linux Desktop 9
- Novell Linux POS 9
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora 7
- Red Hat Fedora Core6
- rPath rPath Linux 1
- Sun Solaris 10 X86
- Sun Solaris 8 Sparc
- Sun Solaris 8 X86
- Sun Solaris 9 Sparc
- Sun Solaris 9 X86
- SuSE Linux 10.0 Ppc
- SuSE Linux 10.0 X86
- SuSE Linux 10.0 X86-64
- SuSE Linux 10.1 Ppc
- SuSE Linux 10.1 X86
- SuSE Linux 10.1 X86-64
- SuSE Linux Connectivity Server
- SuSE Linux Database Server
- SuSE Linux Desktop 10
- SuSE Linux Desktop 1.0.0
- SuSE Linux Enterprise Server for S/390 9.0.0
- SuSE Linux Enterprise Server for S/390
- SuSE Linux Office Server
- SuSE Linux Openexchange Server
- SuSE Linux Personal 10.0.0 OSS
- SuSE Linux Personal 10.1
- SuSE Linux Personal 10.2
- SuSE Linux Personal 10.2 X86 64
- SuSE Linux Professional 10.0.0
- SuSE Linux Professional 10.0.0 OSS
- SuSE Linux Professional 10.1
- SuSE Linux Professional 10.2
- SuSE Linux Professional 10.2 X86 64
- SuSE Novell Linux Desktop 1.0.0
- SuSE Novell Linux Desktop 9.0.0
- SuSE Novell Linux POS 9
- SuSE Office Server
- SuSE Open-Enterprise-Server 1
- SuSE Open-Enterprise-Server 9.0.0
- SuSE Open-Enterprise-Server
- SuSE openSUSE 10.2
- SuSE openSUSE 10.3
- SuSE SUSE Linux Enterprise Desktop 10
- SuSE SUSE Linux Enterprise Desktop 10 SP1
- SuSE SUSE Linux Enterprise SDK 10
- SuSE SUSE Linux Enterprise SDK 10.SP1
- SuSE SUSE Linux Enterprise Server 10
- SuSE SUSE Linux Enterprise Server 10 SP1
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SUSE Linux Enterprise Server 9 SP3
- SuSE SUSE Linux Enterprise Server SDK 9
- SuSE SuSE Linux Openexchange Server 4.0.0
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- SuSE UnitedLinux 1.0.0
- Trustix Operating System Enterprise Server 2.0
- Trustix Secure Linux 2.2.0
- Trustix Secure Linux 3.0.0
- Trustix Secure Linux 3.0.5
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 6.10 Amd64
- Ubuntu Ubuntu Linux 6.10 I386
- Ubuntu Ubuntu Linux 6.10 Powerpc
- Ubuntu Ubuntu Linux 6.10 Sparc
- Ubuntu Ubuntu Linux 7.04 Amd64
- Ubuntu Ubuntu Linux 7.04 I386
- Ubuntu Ubuntu Linux 7.04 Powerpc
- Ubuntu Ubuntu Linux 7.04 Sparc
References
- BugTraq: 25534
- CVE: CVE-2007-3999
- URL: http://securitytracker.com/alerts/2007/Sep/1018647.html