Signature Detail
Short Name |
RPC:KADMIND-RENAME |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
RPC |
Keywords |
MIT Kerberos kadmind Rename Principal Buffer Overflow |
Release Date |
2011/02/17 |
Update Number |
1869 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
RPC: MIT Kerberos kadmind Rename Principal Buffer Overflow
This signature detects attempts to exploit a known vulnerability against MIT Kerberos Kadmind. A successful attack can lead to arbitrary code execution.
Extended Description
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication. Kerberos 5 'kadmind' 1.6.1, 1.5.3, and prior versions are vulnerable.
Affected Products
- Apple Mac OS X 10.3.9
- Apple Mac OS X 10.4.10
- Apple Mac OS X Server 10.3.9
- Apple Mac OS X Server 10.4.10
- Avaya Aura Application Enablement Services 4.0
- Avaya Interactive Response 1.3.0
- Avaya Interactive Response 2.0
- Avaya Message Networking MN 3.1
- Avaya Message Networking
- Avaya Messaging Storage Server MM3.0
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Foresight Linux 1.1
- Gentoo Linux
- HP HP-UX B.11.11
- HP HP-UX B.11.23
- HP HP-UX B.11.31
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Linux Mandrake 2007.0
- Mandriva Linux Mandrake 2007.0 X86 64
- Mandriva Linux Mandrake 2007.1
- Mandriva Linux Mandrake 2007.1 X86 64
- MIT Kerberos 5 1.5.0
- MIT Kerberos 5 1.5.1
- MIT Kerberos 5 1.5.2
- MIT Kerberos 5 1.5.3
- MIT Kerberos 5 1.6.0
- MIT Kerberos 5 1.6.1
- Novell KDC (Key Distribution Center) 1.0
- Novell KDC (Key Distribution Center) 1.0.2
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop Version 4
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Clustering 5 Server
- Red Hat Enterprise Linux Cluster-Storage 5 Server
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Multi OS 5 Client
- Red Hat Enterprise Linux Desktop Supplementary 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux Hardware Certification 5
- Red Hat Enterprise Linux Optional Productivity Application 5 Server
- Red Hat Enterprise Linux Supplementary 5 Server
- Red Hat Enterprise Linux Virtualization 5 Server
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- SGI ProPack 3.0.0 SP6
- Sun SEAM 1.0.1
- Sun Solaris 10 X86
- Sun Solaris 8 Sparc
- Sun Solaris 8 X86
- Sun Solaris 9 Sparc
- Sun Solaris 9 X86
- SuSE Linux 10.0
- SuSE Linux 10.1
- SuSE openSUSE 10.2
- SuSE SUSE Linux Enterprise Desktop 10
- SuSE SUSE Linux Enterprise SDK 10
- SuSE SUSE Linux Enterprise Server 10
- Trustix Secure Enterprise Linux 2.0.0
- Trustix Secure Linux 2.2.0
- Trustix Secure Linux 3.0.0
- Trustix Secure Linux 3.0.5
- Turbolinux Appliance Server 2.0
- Turbolinux Home
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 10 F...
- Turbolinux Turbolinux Desktop 10.0.0
- Turbolinux Turbolinux Server 10.0.0
- Turbolinux Turbolinux Server 10.0.0 X64
- Turbolinux Turbolinux Server 8.0.0
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 6.10 Amd64
- Ubuntu Ubuntu Linux 6.10 I386
- Ubuntu Ubuntu Linux 6.10 Powerpc
- Ubuntu Ubuntu Linux 6.10 Sparc
- Ubuntu Ubuntu Linux 7.04 Amd64
- Ubuntu Ubuntu Linux 7.04 I386
- Ubuntu Ubuntu Linux 7.04 Powerpc
- Ubuntu Ubuntu Linux 7.04 Sparc
- VMWare ESX 2.1.3
- VMWare ESX Server 2.0.2
- VMWare ESX Server 2.0.2 Patch 1
- VMWare ESX Server 2.0.2 Patch 2
- VMWare ESX Server 2.0.2 Patch 4
- VMWare ESX Server 2.0.2 Patch 5
- VMWare ESX Server 2.1.3
- VMWare ESX Server 2.1.3 Patch 1
- VMWare ESX Server 2.1.3 Patch 2
- VMWare ESX Server 2.1.3 Patch 5
- VMWare ESX Server 2.5.3
- VMWare ESX Server 2.5.3 Patch 2
- VMWare ESX Server 2.5.3 Patch 4
- VMWare ESX Server 2.5.3 Patch 5
- VMWare ESX Server 2.5.3 Patch 6
- VMWare ESX Server 2.5.3 Patch 7
- VMWare ESX Server 2.5.3 Patch 8
- VMWare ESX Server 2.5.4
- VMWare ESX Server 2.5.4 Patch 1
- VMWare ESX Server 2.5.4 Patch 3
- VMWare ESX Server 2.5.4 Patch 5
- VMWare ESX Server 3.0.0
- VMWare ESX Server 3.0.1
- VMWare ESX Server 3.0.2
References
- BugTraq: 24653
- CVE: CVE-2007-2798