exploits , vulnerabilities , articles , MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability

Title	MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
Published	2007-06-26-12:00AM
Updated	2007-09-20-08:30PM
Class	Boundary Condition Error
CVE	CVE-2007-2443
Remote	Yes
Local	No
Credit	Wei Wang of McAfee Avert Labs is credited with discovering this issue.
Vulnerable	VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 3.0 VMWare ESX Server 2.5.4 Patch 1 VMWare ESX Server 2.5.4 VMWare ESX Server 2.5.4 VMWare ESX Server 2.5.4 VMWare ESX Server 2.5.3 Patch 4 VMWare ESX Server 2.5.3 VMWare ESX Server 2.5.3 VMWare ESX Server 2.5.3 VMWare ESX Server 2.5.3 VMWare ESX Server 2.5.3 VMWare ESX Server 2.1.3 Patch 2 VMWare ESX Server 2.1.3 VMWare ESX Server 2.1.3 VMWare ESX Server 2.1.3 VMWare ESX Server 2.0.2 Patch 2 VMWare ESX Server 2.0.2 VMWare ESX Server 2.0.2 VMWare ESX Server 2.0.2 VMWare ESX Server 2.5.3 Patch 2 VMWare ESX Server 2.1.3 Patch 1 VMWare ESX Server 2.0.2 Patch 1 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 10.0.0 x64 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux 10 F... TurboLinux Personal TurboLinux Multimedia Turbolinux Home Turbolinux Appliance Server 2.0 Trustix Secure Linux 3.0.5 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 TransSoft Broker FTP Server 8.0 SuSE SLES 10 SuSE SLED 10.0 SuSE SLE SDK 10 SuSE openSUSE 10.2 SuSE Linux 10.1 SuSE Linux 10.0 SGI ProPack 3.0 SP6 rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 Novell KDC (Key Distribution Center) 1.0.2 Novell KDC (Key Distribution Center) 1.0 MIT Kerberos 5 1.6.1 MIT Kerberos 5 1.6 MIT Kerberos 5 1.5.4 MIT Kerberos 5 1.5.3 MIT Kerberos 5 1.5.2 MIT Kerberos 5 1.5.1 MIT Kerberos 5 1.5 MIT Kerberos 5 1.4.3 MIT Kerberos 5 1.4.2 MIT Kerberos 5 1.4.1 MIT Kerberos 5 1.4 MIT Kerberos 5 1.3.6 Gentoo Linux RedHat Fedora Core3 RedHat Fedora Core2 RedHat Fedora Core1 Trustix Secure Enterprise Linux 2.0 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 MIT Kerberos 5 1.3.5 MIT Kerberos 5 1.3.4 MandrakeSoft Linux Mandrake 10.1 x86_64 MandrakeSoft Linux Mandrake 10.1 Turbolinux Turbolinux Server 10.0 MIT Kerberos 5 1.3.3 MIT Kerberos 5 1.3.2 MIT Kerberos 5 1.3.1 MIT Kerberos 5 1.3 alpha1 MIT Kerberos 5 1.3 MIT Kerberos 5 1.2.8 MIT Kerberos 5 1.2.7 MIT Kerberos 5 1.2.6 MIT Kerberos 5 1.2.5 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 MandrakeSoft Linux Mandrake 9.0 RedHat Linux 8.0 i386 RedHat Linux 8.0 Turbolinux Home Turbolinux Turbolinux 10 F... Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux Server 8.0 Wirex Immunix OS 7 MIT Kerberos 5 1.2.4 MIT Kerberos 5 1.2.3 MIT Kerberos 5 1.2.2 beta1 MIT Kerberos 5 1.2.2 MIT Kerberos 5 1.2.1 MIT Kerberos 5 1.2 MIT Kerberos 5 1.1.1 RedHat Linux 7.1 ia64 RedHat Linux 7.1 i386 RedHat Linux 7.1 alpha RedHat Linux 7.1 RedHat Linux 7.0 i386 RedHat Linux 7.0 alpha RedHat Linux 7.0 RedHat Linux 6.2 sparc RedHat Linux 6.2 i386 RedHat Linux 6.2 alpha RedHat Linux 6.2 MIT Kerberos 5 1.1 MIT Kerberos 5 1.0.8 OpenBSD OpenBSD 3.2 OpenBSD OpenBSD 3.1 MIT Kerberos 5 1.0.6 MIT Kerberos 5 1.0 MIT Kerberos 4 Protocol MIT Kerberos 4 4.0 patch 10 MIT Kerberos 4 4.0 MIT Kerberos 4 1.1 MIT Kerberos 4 1.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Foresight Linux Foresight Linux 1.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia64 Debian Linux 4.0 ia32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Messaging Storage Server MSS 3.0 Avaya Message Networking MN 3.1 Avaya Message Networking Avaya AES 4.0 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.3.9 Apple Mac OS X 10.4.10 Apple Mac OS X 10.3.9
Not Vulnerable	VMWare ESX Server 2.5.4 VMWare ESX Server 2.5.3 VMWare ESX Server 2.1.3 VMWare ESX Server 2.0.2 Novell KDC (Key Distribution Center) 1.0.3 MIT Kerberos 5 1.6.2
Code	Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:content@securitydot.net.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-18 Centreon Authentication Mechanism Security Bypass Vulnerability
• 2009-12-18 Family Connections Multiple Input Validation Vulnerabilities
• 2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
• 2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
• 2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 21:59:13 +0000