Home > Vulnerability Database > CVE-2007-4743

Mend.io Vulnerability Database

CVE-2007-4743

Date: September 6, 2007

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

Severity Score

9.8

Related Resources (19)

Url: http://www.securityfocus.com/archive/1/478794/100/0/threaded

Url: http://www.securityfocus.com/archive/1/478748/100/0/threaded

Url: http://docs.info.apple.com/article.html?artnum=307041

Url: http://www.securityfocus.com/bid/26444

Url: https://issues.rpath.com/browse/RPL-1696

Url: http://www.novell.com/linux/security/advisories/2007_19_sr.html

Url: http://www.ubuntu.com/usn/usn-511-2

Url: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

Url: http://www.debian.org/security/2007/dsa-1387

Url: http://www.vupen.com/english/advisories/2007/3868

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-4743

Url: http://secunia.com/advisories/26987

Url: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86

Url: http://www.us-cert.gov/cas/techalerts/TA07-319A.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0892.html

Url: http://secunia.com/advisories/26699

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239

Url: http://secunia.com/advisories/27643

Url: https://www.mend.io/vulnerability-database/CVE-2007-4743

Severity Score

9.8

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-4743

Date: September 6, 2007

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?