Signature Detail

RPC: MIT Kerberos Kadmind Lib Overflow

This signature detects attempts to exploit a known vulnerability in the MIT Kerberos Kadmind. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the deamon.

Extended Description

Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions. This issue also affects third-party applications using the affected RPC library. All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication. Kerberos 5 'kadmind' 1.6.1 and prior versions are vulnerable.

Affected Products

• Apple Mac OS X 10.3.9
• Apple Mac OS X 10.4.10
• Apple Mac OS X Server 10.3.9
• Apple Mac OS X Server 10.4.10
• Avaya Aura Application Enablement Services 4.0
• Avaya Message Networking MN 3.1
• Avaya Message Networking
• Avaya Messaging Storage Server MM3.0
• Debian Linux 3.1.0
• Debian Linux 3.1.0 Alpha
• Debian Linux 3.1.0 Amd64
• Debian Linux 3.1.0 Arm
• Debian Linux 3.1.0 Hppa
• Debian Linux 3.1.0 Ia-32
• Debian Linux 3.1.0 Ia-64
• Debian Linux 3.1.0 M68k
• Debian Linux 3.1.0 Mips
• Debian Linux 3.1.0 Mipsel
• Debian Linux 3.1.0 Ppc
• Debian Linux 3.1.0 S/390
• Debian Linux 3.1.0 Sparc
• Debian Linux 4.0
• Debian Linux 4.0 Alpha
• Debian Linux 4.0 Amd64
• Debian Linux 4.0 Arm
• Debian Linux 4.0 Hppa
• Debian Linux 4.0 Ia-32
• Debian Linux 4.0 Ia-64
• Debian Linux 4.0 M68k
• Debian Linux 4.0 Mips
• Debian Linux 4.0 Mipsel
• Debian Linux 4.0 Powerpc
• Debian Linux 4.0 S/390
• Debian Linux 4.0 Sparc
• Foresight Linux 1.1
• Gentoo Linux
• HP HP-UX B.11.11
• HP HP-UX B.11.23
• HP HP-UX B.11.31
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Linux Mandrake 2007.0
• Mandriva Linux Mandrake 2007.0 X86 64
• Mandriva Linux Mandrake 2007.1
• Mandriva Linux Mandrake 2007.1 X86 64
• MIT Kerberos 4 1.0.0
• MIT Kerberos 4 1.1.0
• MIT Kerberos 4 4.0.0
• MIT Kerberos 4 4.0.0 patch 10
• MIT Kerberos 4 Protocol
• MIT Kerberos 5 1.0.0
• MIT Kerberos 5 1.0.6
• MIT Kerberos 5 1.0.8
• MIT Kerberos 5 1.1.0
• MIT Kerberos 5 1.1.1
• MIT Kerberos 5 1.2.0
• MIT Kerberos 5 1.2.1
• MIT Kerberos 5 1.2.2
• MIT Kerberos 5 1.2.2 -Beta1
• MIT Kerberos 5 1.2.3
• MIT Kerberos 5 1.2.4
• MIT Kerberos 5 1.2.5
• MIT Kerberos 5 1.2.6
• MIT Kerberos 5 1.2.7
• MIT Kerberos 5 1.2.8
• MIT Kerberos 5 1.3.0
• MIT Kerberos 5 1.3.0 -Alpha1
• MIT Kerberos 5 1.3.1
• MIT Kerberos 5 1.3.2
• MIT Kerberos 5 1.3.3
• MIT Kerberos 5 1.3.4
• MIT Kerberos 5 1.3.5
• MIT Kerberos 5 1.3.6
• MIT Kerberos 5 1.4.0
• MIT Kerberos 5 1.4.1
• MIT Kerberos 5 1.4.2
• MIT Kerberos 5 1.4.3
• MIT Kerberos 5 1.5.0
• MIT Kerberos 5 1.5.1
• MIT Kerberos 5 1.5.2
• MIT Kerberos 5 1.5.3
• MIT Kerberos 5 1.5.4
• MIT Kerberos 5 1.6.0
• MIT Kerberos 5 1.6.1
• Novell KDC (Key Distribution Center) 1.0
• Novell KDC (Key Distribution Center) 1.0.2
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Desktop 3.0.0
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux 5 Server
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux Desktop 5 Client
• Red Hat Enterprise Linux Desktop Workstation 5 Client
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux WS 2.1
• Red Hat Enterprise Linux WS 3
• Red Hat Enterprise Linux WS 4
• rPath rPath Linux 1
• SGI ProPack 3.0.0 SP6
• SuSE Linux 10.0
• SuSE Linux 10.1
• SuSE openSUSE 10.2
• SuSE SUSE Linux Enterprise Desktop 10
• SuSE SUSE Linux Enterprise SDK 10
• SuSE SUSE Linux Enterprise Server 10
• Trustix Secure Enterprise Linux 2.0.0
• Trustix Secure Linux 2.2.0
• Trustix Secure Linux 3.0.0
• Trustix Secure Linux 3.0.5
• Turbolinux Appliance Server 2.0
• Turbolinux Home
• Turbolinux Multimedia
• Turbolinux Personal
• Turbolinux 10 F...
• Turbolinux Turbolinux Desktop 10.0.0
• Turbolinux Turbolinux Server 10.0.0
• Turbolinux Turbolinux Server 10.0.0 X64
• Turbolinux Turbolinux Server 8.0.0
• Ubuntu Ubuntu Linux 6.06 LTS Amd64
• Ubuntu Ubuntu Linux 6.06 LTS I386
• Ubuntu Ubuntu Linux 6.06 LTS Powerpc
• Ubuntu Ubuntu Linux 6.06 LTS Sparc
• Ubuntu Ubuntu Linux 6.10 Amd64
• Ubuntu Ubuntu Linux 6.10 I386
• Ubuntu Ubuntu Linux 6.10 Powerpc
• Ubuntu Ubuntu Linux 6.10 Sparc
• Ubuntu Ubuntu Linux 7.04 Amd64
• Ubuntu Ubuntu Linux 7.04 I386
• Ubuntu Ubuntu Linux 7.04 Powerpc
• Ubuntu Ubuntu Linux 7.04 Sparc
• VMWare ESX 2.1.3
• VMWare ESX Server 2.0.2
• VMWare ESX Server 2.0.2 Patch 1
• VMWare ESX Server 2.0.2 Patch 2
• VMWare ESX Server 2.0.2 Patch 4
• VMWare ESX Server 2.0.2 Patch 5
• VMWare ESX Server 2.1.3
• VMWare ESX Server 2.1.3 Patch 1
• VMWare ESX Server 2.1.3 Patch 2
• VMWare ESX Server 2.1.3 Patch 5
• VMWare ESX Server 2.5.3
• VMWare ESX Server 2.5.3 Patch 2
• VMWare ESX Server 2.5.3 Patch 4
• VMWare ESX Server 2.5.3 Patch 5
• VMWare ESX Server 2.5.3 Patch 6
• VMWare ESX Server 2.5.3 Patch 7
• VMWare ESX Server 2.5.3 Patch 8
• VMWare ESX Server 2.5.4
• VMWare ESX Server 2.5.4 Patch 1
• VMWare ESX Server 2.5.4 Patch 3
• VMWare ESX Server 2.5.4 Patch 5
• VMWare ESX Server 3.0.0
• VMWare ESX Server 3.0.1
• VMWare ESX Server 3.0.2

References

• BugTraq: 24657
• CVE: CVE-2007-2443
• URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt