CVE-2007-3999

Impact:
Important
Public Date:
2007-09-04
Bugzilla:
250973: CVE-2007-3999 krb5 RPC library buffer overflow

The MITRE CVE dictionary describes this issue as:

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

Find out more about CVE-2007-3999 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (nfs-utils-lib) RHSA-2007:0951 2007-10-02
Red Hat Enterprise Linux 4 (nfs-utils-lib) RHSA-2007:0913 2007-09-19
Red Hat Enterprise Linux 5 (krb5) RHSA-2007:0858 2007-09-04

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.