SuSE Update For Krb5 SUSE-SA:2007:038 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

The KRB5 libraries and utilities contained two security problems for which updates were released. - CVE-2007-2798: A stack-based buffer overflow in kadmind was fixed which can be exploited by authenticated remote users to gain root. This requires kadmind to run to be effective. - CVE-2007-2443: Additionally two bugs in the RPC library of kadmind were fixed that can lead to remote system compromise. Note that third-party applications using this RPC library are vulnerable too.

Affected

krb5 on SUSE LINUX 10.1, openSUSE 10.2, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1

References

http://www.novell.com/linux/security/advisories/2007_38_krb5.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-2442, CVE-2007-2443, CVE-2007-2798

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for freetype2
SLES10: Security update for libxml2
SLES10: Security update for IBM Java 5
SLES10: Security update for nfs-utils
SLES10: Security update for Linux Kernel (x86)

SuSE Update for krb5 SUSE-SA:2007:038

Take action and discover your vulnerabilities