Debian Security Advisory DSA 1387-1 (librpcsecgss) Network Vulnerability

Summary

The remote host is missing an update to librpcsecgss announced via advisory DSA 1387-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201387-1

Insight

It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (CVE-2007-3999, DSA-1368-1) was insufficient to protect from arbitrary code execution in some environments. The old stable distribution (sarge) does not contain a librpcseggss package. For the stable distribution (etch), this problem has been fixed in version 0.14-2etch3. For the unstable distribution (sid), this problem has been fixed in version 0.14-4. We recommend that you upgrade your librpcsecgss package.

Severity

Classification

CVE CVE-2007-3999, CVE-2007-4743

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1029-1 (libphp-adodb)
Debian Security Advisory DSA 012-1 (micq)
Debian Security Advisory DSA 1044-1 (mozilla-firefox)
Debian Security Advisory DSA 051-1 (netscape)
Debian Security Advisory DSA 1021-1 (netpbm-free)

Take action and discover your vulnerabilities