SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2007-2798

Date: (C)2007-06-26 (M)2023-12-22

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1018295

SUNALERT-102985

http://www.securityfocus.com/archive/1/472289/100/0/threaded

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=548

http://www.securityfocus.com/archive/1/472432/100/0/threaded

http://www.securityfocus.com/archive/1/472507/30/5970/threaded

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

APPLE-SA-2007-07-31

SUSE-SA:2007:038

http://docs.info.apple.com/article.html?artnum=306172

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt

https://issues.rpath.com/browse/RPL-1499

https://secure-support.novell.com/KanisaPlatform/Publishing/327/3675615_f.SAL_Public.html

kerberos-renameprincipal2svc-bo(35080)

oval:org.mitre.oval:def:1726

oval:org.mitre.oval:def:7550

oval:org.mitre.oval:def:9996

cpe:/o:canonical:ubuntu_linux:7.04
cpe:/o:canonical:ubuntu_linux:6.06
cpe:/o:debian:debian_linux:3.1
cpe:/o:debian:debian_linux:4.0
...

© SecPod Technologies